CVE-2009-1698 (retired)

Priority
Description
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone
OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during
handling of a Cascading Style Sheets (CSS) attr function call with a large
numerical argument, which allows remote attackers to execute arbitrary code
or cause a denial of service (memory corruption and application crash) via
a crafted HTML document.
Notes
 jdstrand> webkit is a fork of khtml from kdelibs. kdelibs5 is farther from
  it, while qt4-x11 attempts to unify khtml and webkit
 mdeslaur> reproducer: http://trac.webkit.org/browser/trunk/LayoutTests/fast/css/attr-parsing.html?rev=42081&format=txt
 mdeslaur> expected results: http://trac.webkit.org/browser/trunk/LayoutTests/fast/css/attr-parsing-expected.txt?rev=42081&format=txt
Assigned-to
micahg
Package
Upstream: needs-triage
Patches:
Vendor: https://bugzilla.redhat.com/attachment.cgi?id=355171
Package
Upstream: needs-triage
Package
Upstream: needs-triage
Patches:
Upstream: http://trac.webkit.org/changeset/42081
More Information

Updated: 2019-03-26 11:47:59 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)