
CVE-2009-1698

Published: 10 June 2009

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

Priority

Medium

Status

Package / Release / Status

kde4libs (Launchpad, Ubuntu, Debian)
  Release: Upstream    Status: Needs triage
  Patches:
    Vendor: https://bugzilla.redhat.com/attachment.cgi?id=355171

kdelibs (Launchpad, Ubuntu, Debian)
  Release: Upstream    Status: Needs triage
  Patches:
    Vendor: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-0lenny2.diff.gz

qt4-x11 (Launchpad, Ubuntu, Debian)
  Release: Upstream    Status: Needs triage

webkit (Launchpad, Ubuntu, Debian)
  Release: Upstream    Status: Needs triage
  Patches:
    Upstream: http://trac.webkit.org/changeset/42081

Notes

Author / Note

jdstrand:
  webkit is a fork of khtml from kdelibs. kdelibs5 is farther from it, while qt4-x11 attempts to unify khtml and webkit

mdeslaur:
  reproducer: http://trac.webkit.org/browser/trunk/LayoutTests/fast/css/attr-parsing.html?rev=42081&format=txt
  expected results: http://trac.webkit.org/browser/trunk/LayoutTests/fast/css/attr-parsing-expected.txt?rev=42081&format=txt

References

Bugs