First published: Wed May 13 2009(Updated: )
Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the (1) SVGTransformList, (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList SVGList object, which triggers memory corruption.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Apple Mac OS X | =10.4.11 | |
Apple Mac OS X | =10.5.0 | |
Apple Mac OS X | =10.5.1 | |
Apple Mac OS X | =10.5.2 | |
Apple Mac OS X | =10.5.3 | |
Apple Mac OS X | =10.5.4 | |
Apple Mac OS X | =10.5.5 | |
Apple Mac OS X | =10.5.6 | |
Apple Mac OS X Server | =10.4.11 | |
Apple Mac OS X Server | =10.5.0 | |
Apple Mac OS X Server | =10.5.1 | |
Apple Mac OS X Server | =10.5.2 | |
Apple Mac OS X Server | =10.5.3 | |
Apple Mac OS X Server | =10.5.4 | |
Apple Mac OS X Server | =10.5.6 | |
Microsoft Windows Vista | ||
Microsoft Windows XP | ||
Apple Safari | <=3.2.2 | |
Apple Safari | =0.8 | |
Apple Safari | =0.9 | |
Apple Safari | =1.0 | |
Apple Safari | =1.0-beta | |
Apple Safari | =1.0-beta2 | |
Apple Safari | =1.0.0 | |
Apple Safari | =1.0.0b1 | |
Apple Safari | =1.0.0b2 | |
Apple Safari | =1.0.1 | |
Apple Safari | =1.0.2 | |
Apple Safari | =1.0.3 | |
Apple Safari | =1.0.3-85.8 | |
Apple Safari | =1.0.3-85.8.1 | |
Apple Safari | =1.1 | |
Apple Safari | =1.1.0 | |
Apple Safari | =1.1.1 | |
Apple Safari | =1.2 | |
Apple Safari | =1.2.0 | |
Apple Safari | =1.2.1 | |
Apple Safari | =1.2.2 | |
Apple Safari | =1.2.3 | |
Apple Safari | =1.2.4 | |
Apple Safari | =1.2.5 | |
Apple Safari | =1.3 | |
Apple Safari | =1.3.0 | |
Apple Safari | =1.3.1 | |
Apple Safari | =1.3.2 | |
Apple Safari | =1.3.2-312.5 | |
Apple Safari | =1.3.2-312.6 | |
Apple Safari | =2 | |
Apple Safari | =2.0 | |
Apple Safari | =2.0.0 | |
Apple Safari | =2.0.1 | |
Apple Safari | =2.0.2 | |
Apple Safari | =2.0.3 | |
Apple Safari | =2.0.3-417.8 | |
Apple Safari | =2.0.3-417.9 | |
Apple Safari | =2.0.3-417.9.2 | |
Apple Safari | =2.0.4 | |
Apple Safari | =3 | |
Apple Safari | =3.0 | |
Apple Safari | =3.0.0 | |
Apple Safari | =3.0.1 | |
Apple Safari | =3.0.2 | |
Apple Safari | =3.0.3 | |
Apple Safari | =3.0.4 | |
Apple Safari | =3.1 | |
Apple Safari | =3.1.0 | |
Apple Safari | =3.1.1 | |
Apple Safari | =3.1.2 | |
Apple Safari | =3.2 | |
Apple Safari | =3.2.0 | |
Apple Safari | =3.2.1 | |
Apple Safari | =4.0-beta |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.