CVE Vulnerabilities

CVE-2009-1687

Published: Jun 10, 2009 | Modified: Sep 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
9.3 HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
6.8 CRITICAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V3
Ubuntu

The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an offset of a NULL pointer.

Affected Software

Name Vendor Start Version End Version
Safari Apple 0.8 0.8
Safari Apple 0.9 0.9
Safari Apple 1.0 1.0
Safari Apple 1.0.3 1.0.3
Safari Apple 1.1 1.1
Safari Apple 1.2 1.2
Safari Apple 1.3 1.3
Safari Apple 1.3.1 1.3.1
Safari Apple 1.3.2 1.3.2
Safari Apple 2.0 2.0
Safari Apple 2.0.2 2.0.2
Safari Apple 2.0.4 2.0.4
Safari Apple 3.0 3.0
Safari Apple 3.0.2 3.0.2
Safari Apple 3.0.3 3.0.3
Safari Apple 3.0.4 3.0.4
Safari Apple 3.1 3.1
Safari Apple 3.1.1 3.1.1
Safari Apple 3.1.2 3.1.2
Safari Apple 3.2.1 3.2.1
Safari Apple 3.2.3 3.2.3
Safari Apple * 4.0_beta
Red Hat Enterprise Linux 4 RedHat kdelibs-6:3.3.1-14.el4 *
Red Hat Enterprise Linux 5 RedHat kdelibs-6:3.5.4-22.el5_3 *
Kde4libs Ubuntu hardy *
Kde4libs Ubuntu intrepid *
Kde4libs Ubuntu jaunty *
Kdelibs Ubuntu dapper *
Kdelibs Ubuntu devel *
Kdelibs Ubuntu hardy *
Kdelibs Ubuntu intrepid *
Kdelibs Ubuntu jaunty *
Kdelibs Ubuntu karmic *
Kdelibs Ubuntu lucid *
Kdelibs Ubuntu maverick *
Kdelibs Ubuntu natty *
Qt4-x11 Ubuntu intrepid *
Qt4-x11 Ubuntu jaunty *
Webkit Ubuntu hardy *
Webkit Ubuntu intrepid *
Webkit Ubuntu jaunty *

References