Your submission was sent successfully! Close

CVE-2009-1698

Published: 10 June 2009

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

Priority

Medium

Status

Package Release Status
kde4libs
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Ignored
(reached end-of-life)
intrepid
Released (4:4.1.4-0ubuntu1~intrepid1.2)
jaunty
Released (4:4.2.2-0ubuntu5.1)
karmic Not vulnerable
(4:4.3.0-0ubuntu6)
lucid Not vulnerable
(4:4.3.0-0ubuntu6)
maverick Not vulnerable
(4:4.3.0-0ubuntu6)
natty Not vulnerable
(4:4.3.0-0ubuntu6)
upstream Needs triage

kdelibs
Launchpad, Ubuntu, Debian
dapper Ignored
(reached end-of-life)
hardy
Released (4:3.5.10-0ubuntu1~hardy1.2)
intrepid
Released (4:3.5.10-0ubuntu6.1)
jaunty
Released (4:3.5.10.dfsg.1-1ubuntu8.1)
karmic
Released (4:3.5.10.dfsg.1-2ubuntu5)
lucid
Released (4:3.5.10.dfsg.1-2ubuntu5)
maverick
Released (4:3.5.10.dfsg.1-2ubuntu5)
natty
Released (4:3.5.10.dfsg.1-2ubuntu5)
upstream Needs triage

qt4-x11
Launchpad, Ubuntu, Debian
dapper Not vulnerable
(no webkit)
hardy Not vulnerable
(no webkit)
intrepid
Released (4.4.3-0ubuntu1.4)
jaunty
Released (4.5.0-0ubuntu4.3)
karmic Not vulnerable
(4.5.2-0ubuntu5)
lucid Not vulnerable
(4.5.2-0ubuntu5)
maverick Not vulnerable
(4.5.2-0ubuntu5)
natty Not vulnerable
(4.5.2-0ubuntu5)
upstream Needs triage

webkit
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Ignored
(reached end-of-life)
intrepid
Released (1.0.1-2ubuntu0.2)
jaunty
Released (1.0.1-4ubuntu0.1)
karmic Not vulnerable
(1.1.12-1ubuntu1)
lucid Not vulnerable
(1.1.12-1ubuntu1)
maverick Not vulnerable
(1.1.12-1ubuntu1)
natty Not vulnerable
(1.1.12-1ubuntu1)
upstream Needs triage

Notes

AuthorNote
jdstrand
webkit is a fork of khtml from kdelibs. kdelibs5 is farther from
it, while qt4-x11 attempts to unify khtml and webkit
mdeslaur
reproducer: http://trac.webkit.org/browser/trunk/LayoutTests/fast/css/attr-parsing.html?rev=42081&format=txt
expected results: http://trac.webkit.org/browser/trunk/LayoutTests/fast/css/attr-parsing-expected.txt?rev=42081&format=txt

References

Bugs