CVE-2009-1725

Priority
Description
WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1,
iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in
kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do
not properly handle numeric character references, which allows remote
attackers to execute arbitrary code or cause a denial of service (memory
corruption and application crash) via a crafted HTML document.
Assigned-to
micahg
Notes
jdstrand: webkit is a fork of khtml from kdelibs. kdelibs5 is farther from
it, while qt4-x11 attempts to unify khtml and webkit
mdeslaur: PoC: http://trac.webkit.org/browser/trunk/LayoutTests/fast/parser/eightdigithexentity.html?rev=44799&format=txt
expected output: http://trac.webkit.org/browser/trunk/LayoutTests/fast/parser/eightdigithexentity-expected.txt?rev=44799&format=txt
direct link: http://trac.webkit.org/export/46476/trunk/LayoutTests/fast/parser/eightdigithexentity.html
as per RH bug, in kde4libs, this is a rendering bug, not a security bug
Package
Upstream: needs-triage
Patches:
Upstream: http://websvn.kde.org/?view=rev&revision=1002164 (3.5)
Package
Upstream: needs-triage
Package
Upstream: needs-triage
Patches:
Upstream: http://trac.webkit.org/changeset/44799
Updated: 2019-12-05 20:53:15 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)