Bug 271863 - <x11-libs/qt-webkit-4.5.2-r1: Array indexing vulnerability (CVE-2009-0945)
Summary: <x11-libs/qt-webkit-4.5.2-r1: Array indexing vulnerability (CVE-2009-0945)
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
Whiteboard: B2 [noglsa]
Depends on:
Reported: 2009-05-30 11:30 UTC by Robert Buchholz (RETIRED)
Modified: 2014-05-31 20:56 UTC
Description Robert Buchholz (RETIRED) gentoo-dev 2009-05-30 11:30:14 UTC
CVE-2009-0945:
  Array index error in the insertItemBefore method in WebKit, as used
  in Safari before 3.2.3 and 4 Public Beta, Google Chrome Stable before, and possibly other products allows remote attackers to
  execute arbitrary code via a document with a SVGPathList data
  structure containing a negative index in the (1) SVGTransformList,
  (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5)
  SVGPointList, or (6) SVGLengthList SVGList object, which triggers
  memory corruption.
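
An added illustration of the bug class described above (not code from WebKit, Qt, or this bug report): a hypothetical `CheckedList` whose `insertItemBefore` rejects a negative index before it is converted to an offset, next to the upper-bound-only test that such an index slips past. The class, the enum, and the choice to reject rather than clamp are assumptions made for the example.

```cpp
#include <cstddef>
#include <cstdio>
#include <vector>

// Hypothetical stand-in for an SVG list type; this is not WebKit's class.
enum class InsertResult { Inserted, Appended, RejectedNegativeIndex };

// Flawed pattern (assumed shape of the bug class): only the upper bound is
// tested on a signed index, so a negative value is accepted and would then
// be used as an offset in front of the backing storage.
bool upperBoundOnlyCheckAccepts(long index, std::size_t size) {
    return index < static_cast<long>(size);
}

class CheckedList {
public:
    // Validate the signed value first, then convert to an unsigned position.
    InsertResult insertItemBefore(double item, long index) {
        if (index < 0)
            return InsertResult::RejectedNegativeIndex;
        std::size_t pos = static_cast<std::size_t>(index);
        if (pos >= items_.size()) {
            items_.push_back(item);  // index at or past the end appends
            return InsertResult::Appended;
        }
        items_.insert(items_.begin() + static_cast<std::ptrdiff_t>(pos), item);
        return InsertResult::Inserted;
    }
    std::size_t size() const { return items_.size(); }
    double at(std::size_t i) const { return items_.at(i); }  // bounds-checked read

private:
    std::vector<double> items_;
};

int main() {
    CheckedList list;
    list.insertItemBefore(1.0, 0);
    list.insertItemBefore(2.0, 0);
    bool rejected =
        list.insertItemBefore(9.0, -1) == InsertResult::RejectedNegativeIndex;
    std::printf("negative index rejected: %s, size: %zu\n",
                rejected ? "yes" : "no", list.size());
    std::printf("upper-bound-only check accepts -1: %s\n",
                upperBoundOnlyCheckAccepts(-1, list.size()) ? "yes" : "no");
    return 0;
}
```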
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2009-05-30 11:33:58 UTC
The reproducer crashes with 4.4.2-r1, haven't tried 4.5.1.

 var p = document.createElementNS("","path");
Comment 2 Jaak Ristioja 2010-07-23 08:47:07 UTC
According to this has been fixed in Qt 4.5.2. The oldest version of qt-webkit in portage is 4.5.3.
Comment 3 Tim Sammut (RETIRED) gentoo-dev 2011-12-09 00:21:43 UTC
Please don't close security bugs; even the really old ones. Added to existing GLSA request.
Comment 4 Sean Amoss gentoo-dev Security 2014-05-31 20:56:52 UTC
This issue has been fixed since Oct 11, 2009. No GLSA will be issued.