Red Hat Bugzilla – Bug 506246
CVE-2009-1709 kdegraphics: KSVG Pointer use-after-free error in the SVG animation element (DoS, ACE)
Last modified: 2016-03-04 05:43:11 EST
A pointer use-after-free flaw was found in the KDE's KSVG Scalable Vector Graphics (SVG) animation element implementation. A remote attacker
could use this flaw to cause a denial of service (konqueror crash) or,
potentially, execute arbitrary code, with the privileges of the user
running "konqueror" web browser, if the victim was tricked to open
a specially-crafted SVG image.
This issue does NOT affect the version of the kdegraphics package, as shipped
with Red Hat Enterprise Linux 3 and 4.
This issue affects the versions of the kdegraphics package, as shipped
with Red Hat Enterprise Linux 5.
Upstream bugzilla with more testcases:
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Via RHSA-2009:1130 https://rhn.redhat.com/errata/RHSA-2009-1130.html
This one appears NOT to affect the KDE 4 code in kdelibs/khtml/svg. The WebKit flaw got fixed in April 2008, the SVG code was imported from there to kdelibs (KHTML) in October 2008.
For QtWebKit, this apparently got fixed ages ago too. It's definitely fixed in Qt 4.5.2 which got pushed to Fedora updates recently. I didn't check earlier versions.