Home > Vulnerability Database > CVE-2009-0945

Mend.io Vulnerability Database

CVE-2009-0945

Date: May 13, 2009

Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the (1) SVGTransformList, (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList SVGList object, which triggers memory corruption.

Severity Score

8.1

Related Resources (45)

Url: http://secunia.com/advisories/37746

Url: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00303.html

Url: http://www.debian.org/security/2009/dsa-1950

Url: http://www.vupen.com/english/advisories/2009/1297

Url: http://www.vupen.com/english/advisories/2009/1298

Url: http://secunia.com/advisories/35805

Url: http://support.apple.com/kb/HT3550

Url: http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

Url: http://secunia.com/advisories/43068

Url: http://www.zerodayinitiative.com/advisories/ZDI-09-022

Url: http://lists.apple.com/archives/security-announce/2009/May/msg00001.html

Url: https://usn.ubuntu.com/823-1/

Url: http://secunia.com/advisories/36062

Url: http://secunia.com/advisories/35095

Url: https://nvd.nist.gov/vuln/detail/CVE-2009-0945

Url: http://secunia.com/advisories/35074

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/50477

Url: http://www.ubuntu.com/usn/USN-857-1

Url: http://www.vupen.com/english/advisories/2011/0212

Url: http://www.us-cert.gov/cas/techalerts/TA09-133A.html

Url: http://support.apple.com/kb/HT3639

Url: http://www.ubuntu.com/usn/USN-836-1

Url: http://www.redhat.com/support/errata/RHSA-2009-1130.html

Url: http://www.securityfocus.com/bid/34924

Url: http://www.vupen.com/english/advisories/2009/1621

Url: http://googlechromereleases.blogspot.com/2009/05/stable-update-bug-fix.html

Url: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html

Url: https://access.redhat.com/security/cve/CVE-2009-0945

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11584

Url: http://www.vupen.com/english/advisories/2009/1321

Url: http://lists.apple.com/archives/security-announce/2009/May/msg00002.html

Url: http://secunia.com/advisories/36461

Url: http://code.google.com/p/chromium/issues/detail?id=9019

Url: http://secunia.com/advisories/35056

Url: http://secunia.com/advisories/35576

Url: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html

Url: http://www.securityfocus.com/archive/1/503594/100/0/threaded

Url: http://secunia.com/advisories/36790

Url: http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2009-0945

Url: http://www.ubuntu.com/usn/USN-822-1

Url: http://support.apple.com/kb/HT3549

Url: http://www.securitytracker.com/id?1022207

Url: http://lists.apple.com/archives/security-announce/2009/May/msg00000.html

Url: https://www.mend.io/vulnerability-database/CVE-2009-0945

Severity Score

8.1

Weakness Type (CWE)

Improper Control of Generation of Code ('Code Injection')

CWE-94

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	9.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2009-0945

Date: May 13, 2009

Severity Score

Related Resources (45)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?