Bug 506246 - (CVE-2009-1709) CVE-2009-1709 kdegraphics: KSVG Pointer use-after-free error in the SVG animation element (DoS, ACE)
CVE-2009-1709 kdegraphics: KSVG Pointer use-after-free error in the SVG anima...
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
All Linux
urgent Severity urgent
: ---
: ---
Assigned To: Red Hat Product Security
: Security
Depends On: 506300 506301 506302 506303 833915
  Show dependency treegraph
Reported: 2009-06-16 07:12 EDT by Jan Lieskovsky
Modified: 2018-04-17 14:25 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2009:1130 normal SHIPPED_LIVE Critical: kdegraphics security update 2009-06-25 12:19:13 EDT

  None (edit)
Description Jan Lieskovsky 2009-06-16 07:12:19 EDT
A pointer use-after-free flaw was found in the KDE's KSVG Scalable Vector Graphics (SVG) animation element implementation. A remote attacker
could use this flaw to cause a denial of service (konqueror crash) or,
potentially, execute arbitrary code, with the privileges of the user
running "konqueror" web browser, if the victim was tricked to open
a specially-crafted SVG image.


Upstream patch: 

Comment 2 Jan Lieskovsky 2009-06-16 07:14:46 EDT
This issue does NOT affect the version of the kdegraphics package, as shipped
with Red Hat Enterprise Linux 3 and 4.

This issue affects the versions of the kdegraphics package, as shipped
with Red Hat Enterprise Linux 5.
Comment 6 Jan Lieskovsky 2009-06-16 07:44:49 EDT
Upstream bugzilla with more testcases:

Comment 11 errata-xmlrpc 2009-06-25 12:19:16 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2009:1130 https://rhn.redhat.com/errata/RHSA-2009-1130.html
Comment 12 Kevin Kofler 2009-07-25 19:26:53 EDT
This one appears NOT to affect the KDE 4 code in kdelibs/khtml/svg. The WebKit flaw got fixed in April 2008, the SVG code was imported from there to kdelibs (KHTML) in October 2008.
Comment 13 Kevin Kofler 2009-07-25 20:11:19 EDT
For QtWebKit, this apparently got fixed ages ago too. It's definitely fixed in Qt 4.5.2 which got pushed to Fedora updates recently. I didn't check earlier versions.

Note You need to log in before you can comment on or make changes to this bug.