Published: 10/06/2009 Updated: 03/10/2018

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari prior to 4.0 allows remote malicious users to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG marker elements, the targetElement attribute, and unspecified "caches."

Vulnerable Product	Search on Vulmon	Subscribe to Product
apple safari 3.1.2
apple safari 0.8
apple safari 2.0
apple safari 2.0.2
apple safari 3.0
apple safari 1.0
apple safari 1.0.3
apple safari 2.0.4
apple safari 3.2.1
apple safari 3.0.3
apple safari 3.0.4
apple safari 1.1
apple safari 1.2
apple safari 1.3
apple safari 3.2.3
apple safari
apple safari 3.1.1
apple safari 3.1
apple safari 1.3.1
apple safari 1.3.2
apple safari 3.0.2
apple safari 0.9
apple safari 3.2
apple safari 3.0.1
apple safari 3.2.2

Synopsis Critical: kdegraphics security update Type/Severity Security Advisory: Critical Topic Updated kdegraphics packages that fix two security issues are now availablefor Red Hat Enterprise Linux 5This update has been rated as having critical security impact by the RedHat Security Response Team ...

It was discovered that KDE-Graphics did not properly handle certain malformed SVG images If a user were tricked into opening a specially crafted SVG image, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program ...

Two security issues have been discovered in kdegraphics, the graphics apps from the official KDE release The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0945 It was discovered that the KSVG animation element implementation suffers from a null pointer dereference flaw, which could lead to the execution ...

Debian Bug report logs - #534951 CVE-2009-1709 Package: kdegraphics; Maintainer for kdegraphics is Debian Qt/KDE Maintainers <debian-qt-kde@listsdebianorg>; Source for kdegraphics is src:meta-kde (PTS, buildd, popcon) Reported by: Giuseppe Iuculano <giuseppe@iuculanoit> Date: Sun, 28 Jun 2009 13:30:01 UTC Severit ...

Debian Bug report logs - #532718 libqt4-webkit: CVE-2009-0945: Array index error in the insertItemBefore method in WebKit Package: libqt4-webkit; Maintainer for libqt4-webkit is Debian Qt/KDE Maintainers <debian-qt-kde@listsdebianorg>; Source for libqt4-webkit is src:qt4-x11 (PTS, buildd, popcon) Reported by: Luciano Bello ...

Debian Bug report logs - #535793 webkit: deluge of security vulnerabilities Package: webkit; Maintainer for webkit is (unknown); Reported by: Michael S Gilbert <michaelsgilbert@gmailcom> Date: Sun, 5 Jul 2009 05:18:04 UTC Severity: grave Tags: fixed-upstream, security Found in version 101-4 Fixed in version 1121-1 ...

CWE-399 http://secunia.com/advisories/35379 http://securitytracker.com/id?1022345 http://www.securityfocus.com/bid/35260 http://www.vupen.com/english/advisories/2009/1522 http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://support.apple.com/kb/HT3613 http://www.zerodayinitiative.com/advisories/ZDI-09-034/http://osvdb.org/55013 http://www.securityfocus.com/bid/35334 http://www.redhat.com/support/errata/RHSA-2009-1130.html http://secunia.com/advisories/35576 http://secunia.com/advisories/36461 http://www.mandriva.com/security/advisories?name=MDVSA-2010:182 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/43068 http://www.vupen.com/english/advisories/2011/0212 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10162 https://usn.ubuntu.com/823-1/https://access.redhat.com/errata/RHSA-2009:1130 https://usn.ubuntu.com/823-1/https://nvd.nist.gov

CVE-2009-1709

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect