Vulnerability Description
Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products, allows remote attackers to execute arbitrary code via a document with an SVGPathList data structure containing a negative index in the (1) SVGTransformList, (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList SVGList object, which triggers memory corruption.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Mac OS X | 10.4.11 |
| Apple | Mac OS X Server | 10.4.11 |
| Microsoft | Windows Vista | All versions |
| Microsoft | Windows XP | All versions |
| Apple | Safari | <= 3.2.2 |
Related Weaknesses (CWE)
References
- http://code.google.com/p/chromium/issues/detail?id=9019
- http://googlechromereleases.blogspot.com/2009/05/stable-update-bug-fix.html
- http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
- http://lists.apple.com/archives/security-announce/2009/May/msg00000.html (Patch, Vendor Advisory)
- http://lists.apple.com/archives/security-announce/2009/May/msg00001.html (Patch, Vendor Advisory)
- http://lists.apple.com/archives/security-announce/2009/May/msg00002.html (Patch, Vendor Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
- http://secunia.com/advisories/35056
- http://secunia.com/advisories/35074
- http://secunia.com/advisories/35095
- http://secunia.com/advisories/35576
- http://secunia.com/advisories/35805
- http://secunia.com/advisories/36062
- http://secunia.com/advisories/36461
- http://secunia.com/advisories/36790
FAQ
What is CVE-2009-0945?
CVE-2009-0945 is a vulnerability with a CVSS score of 9.3 (HIGH). Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chro...
How severe is CVE-2009-0945?
CVE-2009-0945 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-0945?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Mac OS X, Apple Mac OS X Server, Microsoft Windows Vista, Microsoft Windows XP, Apple Safari.