Vulnerability Details CVE-2009-0945
Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the (1) SVGTransformList, (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList SVGList object, which triggers memory corruption.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.117
EPSS Ranking 93.3%
CVSS Severity
CVSS v2 Score 9.3
References
- http://code.google.com/p/chromium/issues/detail?id=9019
- http://googlechromereleases.blogspot.com/2009/05/stable-update-bug-fix.html
- http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
- http://lists.apple.com/archives/security-announce/2009/May/msg00000.html
- http://lists.apple.com/archives/security-announce/2009/May/msg00001.html
- http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
- http://secunia.com/advisories/35056
- http://secunia.com/advisories/35074
- http://secunia.com/advisories/35095
- http://secunia.com/advisories/35576
- http://secunia.com/advisories/35805
- http://secunia.com/advisories/36062
- http://secunia.com/advisories/36461
- http://secunia.com/advisories/36790
- http://secunia.com/advisories/37746
- http://secunia.com/advisories/43068
- http://support.apple.com/kb/HT3549
- http://support.apple.com/kb/HT3550
- http://support.apple.com/kb/HT3639
- http://www.debian.org/security/2009/dsa-1950
- http://www.redhat.com/support/errata/RHSA-2009-1130.html
- http://www.securityfocus.com/archive/1/503594/100/0/threaded
- http://www.securityfocus.com/bid/34924
- http://www.securitytracker.com/id?1022207
- http://www.ubuntu.com/usn/USN-822-1
- http://www.ubuntu.com/usn/USN-836-1
- http://www.ubuntu.com/usn/USN-857-1
- http://www.us-cert.gov/cas/techalerts/TA09-133A.html
- http://www.vupen.com/english/advisories/2009/1297
- http://www.vupen.com/english/advisories/2009/1298
- http://www.vupen.com/english/advisories/2009/1321
- http://www.vupen.com/english/advisories/2009/1621
- http://www.vupen.com/english/advisories/2011/0212
- http://www.zerodayinitiative.com/advisories/ZDI-09-022
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50477
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11584
- https://usn.ubuntu.com/823-1/
- https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00303.html
- https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html
- https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html
- http://code.google.com/p/chromium/issues/detail?id=9019
- http://googlechromereleases.blogspot.com/2009/05/stable-update-bug-fix.html
- http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
- http://lists.apple.com/archives/security-announce/2009/May/msg00000.html
- http://lists.apple.com/archives/security-announce/2009/May/msg00001.html
- http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
- http://secunia.com/advisories/35056
- http://secunia.com/advisories/35074
- http://secunia.com/advisories/35095
- http://secunia.com/advisories/35576
- http://secunia.com/advisories/35805
- http://secunia.com/advisories/36062
- http://secunia.com/advisories/36461
- http://secunia.com/advisories/36790
- http://secunia.com/advisories/37746
- http://secunia.com/advisories/43068
- http://support.apple.com/kb/HT3549
- http://support.apple.com/kb/HT3550
- http://support.apple.com/kb/HT3639
- http://www.debian.org/security/2009/dsa-1950
- http://www.redhat.com/support/errata/RHSA-2009-1130.html
- http://www.securityfocus.com/archive/1/503594/100/0/threaded
- http://www.securityfocus.com/bid/34924
- http://www.securitytracker.com/id?1022207
- http://www.ubuntu.com/usn/USN-822-1
- http://www.ubuntu.com/usn/USN-836-1
- http://www.ubuntu.com/usn/USN-857-1
- http://www.us-cert.gov/cas/techalerts/TA09-133A.html
- http://www.vupen.com/english/advisories/2009/1297
- http://www.vupen.com/english/advisories/2009/1298
- http://www.vupen.com/english/advisories/2009/1321
- http://www.vupen.com/english/advisories/2009/1621
- http://www.vupen.com/english/advisories/2011/0212
- http://www.zerodayinitiative.com/advisories/ZDI-09-022
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50477
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11584
- https://usn.ubuntu.com/823-1/
- https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00303.html
- https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html
- https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html
Products affected by CVE-2009-0945
-
cpe:2.3:a:apple:safari:-
-
cpe:2.3:a:apple:safari:0.8
-
cpe:2.3:a:apple:safari:0.9
-
cpe:2.3:a:apple:safari:1.0
-
cpe:2.3:a:apple:safari:1.0.0
-
cpe:2.3:a:apple:safari:1.0.0b1
-
cpe:2.3:a:apple:safari:1.0.0b2
-
cpe:2.3:a:apple:safari:1.0.1
-
cpe:2.3:a:apple:safari:1.0.2
-
cpe:2.3:a:apple:safari:1.0.3
-
cpe:2.3:a:apple:safari:1.0b1
-
cpe:2.3:a:apple:safari:1.1
-
cpe:2.3:a:apple:safari:1.1.0
-
cpe:2.3:a:apple:safari:1.1.1
-
cpe:2.3:a:apple:safari:1.2
-
cpe:2.3:a:apple:safari:1.2.0
-
cpe:2.3:a:apple:safari:1.2.1
-
cpe:2.3:a:apple:safari:1.2.2
-
cpe:2.3:a:apple:safari:1.2.3
-
cpe:2.3:a:apple:safari:1.2.4
-
cpe:2.3:a:apple:safari:1.2.5
-
cpe:2.3:a:apple:safari:1.3
-
cpe:2.3:a:apple:safari:1.3.0
-
cpe:2.3:a:apple:safari:1.3.1
-
cpe:2.3:a:apple:safari:1.3.2
-
cpe:2.3:a:apple:safari:2
-
cpe:2.3:a:apple:safari:2.0
-
cpe:2.3:a:apple:safari:2.0.0
-
cpe:2.3:a:apple:safari:2.0.1
-
cpe:2.3:a:apple:safari:2.0.2
-
cpe:2.3:a:apple:safari:2.0.3
-
cpe:2.3:a:apple:safari:2.0.4
-
cpe:2.3:a:apple:safari:3
-
cpe:2.3:a:apple:safari:3.0
-
cpe:2.3:a:apple:safari:3.0.0
-
cpe:2.3:a:apple:safari:3.0.0b
-
cpe:2.3:a:apple:safari:3.0.1
-
cpe:2.3:a:apple:safari:3.0.1b
-
cpe:2.3:a:apple:safari:3.0.2
-
cpe:2.3:a:apple:safari:3.0.2b
-
cpe:2.3:a:apple:safari:3.0.3
-
cpe:2.3:a:apple:safari:3.0.3b
-
cpe:2.3:a:apple:safari:3.0.4
-
cpe:2.3:a:apple:safari:3.0.4b
-
cpe:2.3:a:apple:safari:3.0.5
-
cpe:2.3:a:apple:safari:3.1
-
cpe:2.3:a:apple:safari:3.1.0
-
cpe:2.3:a:apple:safari:3.1.0b
-
cpe:2.3:a:apple:safari:3.1.1
-
cpe:2.3:a:apple:safari:3.1.1b
-
cpe:2.3:a:apple:safari:3.1.2
-
cpe:2.3:a:apple:safari:3.1.2b
-
cpe:2.3:a:apple:safari:3.2
-
cpe:2.3:a:apple:safari:3.2.0
-
cpe:2.3:a:apple:safari:3.2.0b
-
cpe:2.3:a:apple:safari:3.2.1
-
cpe:2.3:a:apple:safari:3.2.1b
-
cpe:2.3:a:apple:safari:3.2.2
-
cpe:2.3:a:apple:safari:4.0
-
cpe:2.3:o:apple:mac_os_x:10.4.11
-
cpe:2.3:o:apple:mac_os_x:10.5.0
-
cpe:2.3:o:apple:mac_os_x:10.5.1
-
cpe:2.3:o:apple:mac_os_x:10.5.2
-
cpe:2.3:o:apple:mac_os_x:10.5.3
-
cpe:2.3:o:apple:mac_os_x:10.5.4
-
cpe:2.3:o:apple:mac_os_x:10.5.5
-
cpe:2.3:o:apple:mac_os_x:10.5.6
-
cpe:2.3:o:apple:mac_os_x_server:10.4.11
-
cpe:2.3:o:apple:mac_os_x_server:10.5.0
-
cpe:2.3:o:apple:mac_os_x_server:10.5.1
-
cpe:2.3:o:apple:mac_os_x_server:10.5.2
-
cpe:2.3:o:apple:mac_os_x_server:10.5.3
-
cpe:2.3:o:apple:mac_os_x_server:10.5.4
-
cpe:2.3:o:apple:mac_os_x_server:10.5.6
-
cpe:2.3:o:microsoft:windows_vista:-
-
cpe:2.3:o:microsoft:windows_xp:-
-
cpe:2.3:o:microsoft:windows_xp:sp2
-
cpe:2.3:o:microsoft:windows_xp:sp3
-
cpe:2.3:o:microsoft:windows_xp:unknown