CVE-2009-1709 (retired)

Priority
Description
Use-after-free vulnerability in the garbage-collection implementation in
WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to
execute arbitrary code or cause a denial of service (heap corruption and
application crash) via an SVG animation element, related to SVG set
objects, SVG marker elements, the targetElement attribute, and unspecified
"caches."
Notes
 jdstrand> webkit is a fork of khtml from kdelibs. kdelibs5 is farther from
  it, while qt4-x11 attempts to unify khtml and webkit
 mdeslaur> PoC: http://trac.webkit.org/browser/trunk/LayoutTests/svg/W3C-SVG-1.1/animate-elem-63-t.svg?format=txt
 mdeslaur> More reproducers: https://bugs.webkit.org/show_bug.cgi?id=18551
 mdeslaur> for kde4libs, code not present in hardy and intrepid
 mdeslaur> and code already fixed in jaunty and karmic
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Patches:
Upstream:http://trac.webkit.org/changeset/32039
More Information

Updated: 2019-03-26 11:48:00 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)