Bug 271863 - <x11-libs/qt-webkit-4.5.2-r1: Array indexing vulnerability (CVE-2009-0945)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://support.apple.com/kb/HT3549
Whiteboard: B2 [noglsa]
Reported: 2009-05-30 11:30 UTC by Robert Buchholz (RETIRED)
Modified: 2014-05-31 20:56 UTC
Description Robert Buchholz (RETIRED) gentoo-dev 2009-05-30 11:30:14 UTC
CVE-2009-0945 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0945):
  Array index error in the insertItemBefore method in WebKit, as used
  in Safari before 3.2.3 and 4 Public Beta, Google Chrome Stable before
  1.0.154.65, and possibly other products allows remote attackers to
  execute arbitrary code via a document with a SVGPathList data
  structure containing a negative index in the (1) SVGTransformList,
  (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5)
  SVGPointList, or (6) SVGLengthList SVGList object, which triggers
  memory corruption.
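The bug class behind this CVE, as an added illustration that is not WebKit's code and makes no claim about WebKit's actual fix: a hypothetical SVG-style list whose insertItemBefore() index is validated at the binding layer, next to a helper that shows why the naive signed-index check admits a negative index. The model rejects negative and NaN indices outright and clamps oversized ones to an append, as SVG 1.1 specifies for insertItemBefore.

```cpp
#include <cstddef>
#include <vector>

// Hypothetical model of an SVG*List container (not WebKit's code) to show
// why a negative index reaching insertItemBefore() is dangerous and how the
// binding layer should stop it before the C++ container ever sees it.
class SvgListModel {
public:
    // The unsafe pattern behind this class of bug: the index arrives as a
    // signed int and is checked only against the upper bound, so -1 passes
    // and begin() + (-1) would write before the buffer. This helper only
    // reports whether the naive check would admit the index; it never
    // performs the out-of-bounds insert.
    static bool naiveCheckAdmits(int index, std::size_t size) {
        return index <= static_cast<int>(size);  // no lower-bound check
    }

    // Hardened entry point, modelling the binding: validate the JS number,
    // rejecting negatives and NaN, then clamp as SVG 1.1 specifies
    // (an index >= numberOfItems appends).
    bool insertItemBefore(double item, double jsIndex) {
        if (!(jsIndex >= 0))  // false for negatives and for NaN
            return false;
        std::size_t index = m_items.size();
        if (jsIndex < static_cast<double>(m_items.size()))
            index = static_cast<std::size_t>(jsIndex);
        m_items.insert(m_items.begin() + static_cast<std::ptrdiff_t>(index), item);
        return true;
    }

    std::size_t numberOfItems() const { return m_items.size(); }
    double getItem(std::size_t i) const { return m_items.at(i); }

private:
    std::vector<double> m_items;
};

// Constructed scenario: three inserts (one clamped), then a negative index.
inline bool demo() {
    SvgListModel list;
    list.insertItemBefore(10.0, 0);
    list.insertItemBefore(20.0, 1);
    list.insertItemBefore(30.0, 99);  // clamped: appended as item 2
    bool negativeRejected = !list.insertItemBefore(5.0, -1);
    return negativeRejected && list.numberOfItems() == 3 && list.getItem(2) == 30.0;
}
```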
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2009-05-30 11:33:58 UTC
The reproducer crashes with 4.4.2-r1, haven't tried 4.5.1.

<script>
 var p = document.createElementNS("http://www.w3.org/2000/svg","path");
 p.pathSegList.insertItemBefore(null,1);
</script>
Comment 2 Jaak Ristioja 2010-07-23 08:47:07 UTC
According to https://bugzilla.redhat.com/show_bug.cgi?id=506703#c15 this has been fixed in Qt 4.5.2. The oldest version of qt-webkit in portage is 4.5.3.
Comment 3 Tim Sammut (RETIRED) gentoo-dev 2011-12-09 00:21:43 UTC
Please don't close security bugs; even the really old ones. Added to existing GLSA request.
Comment 4 Sean Amoss gentoo-dev Security 2014-05-31 20:56:52 UTC
This issue has been fixed since Oct 11, 2009. No GLSA will be issued.