CVE-2009-1698

Priority
Description
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone
OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during
handling of a Cascading Style Sheets (CSS) attr function call with a large
numerical argument, which allows remote attackers to execute arbitrary code
or cause a denial of service (memory corruption and application crash) via
a crafted HTML document.
Assigned-to
micahg
Notes
jdstrand: webkit is a fork of khtml from kdelibs. kdelibs5 is farther from
it, while qt4-x11 attempts to unify khtml and webkit
mdeslaur: reproducer: http://trac.webkit.org/browser/trunk/LayoutTests/fast/css/attr-parsing.html?rev=42081&format=txt
expected results: http://trac.webkit.org/browser/trunk/LayoutTests/fast/css/attr-parsing-expected.txt?rev=42081&format=txt
Package
Upstream: needs-triage
Patches:
Vendor: https://bugzilla.redhat.com/attachment.cgi?id=355171
Package
Upstream: needs-triage
Package
Upstream: needs-triage
Patches:
Upstream: http://trac.webkit.org/changeset/42081
More Information

Updated: 2019-12-05 20:53:14 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)