A null-pointer dereference due to an array index error was found in
the KDE KSVG SVGList interface implementation. A remote attacker
could create a specially-crafted SVG image, which, once opened by
an unsuspecting user, would cause memory corruption leading
to a denial of service (Konqueror crash).
Expected WebKit reproducer output:
Upstream KDE 4.2 patch:
This issue does NOT affect the versions of the kdegraphics package, as shipped
with Red Hat Enterprise Linux 3 and 4.
This issue affects the version of the kdegraphics package, as shipped
with Red Hat Enterprise Linux 5.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Via RHSA-2009:1130 https://rhn.redhat.com/errata/RHSA-2009-1130.html
This also affects kdelibs 4.2.4 in Fedora (the code is now in kdelibs).
For QtWebKit, this is fixed in Qt 4.5.2 which got pushed to Fedora updates recently. I didn't check earlier versions.
This one is fixed in Rawhide's kdelibs 4.2.98.
kdelibs-4.2.4-6.fc11 has been submitted as an update for Fedora 11.
kdelibs-4.2.4-6.fc10 has been submitted as an update for Fedora 10.
kdelibs-4.2.4-6.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
kdelibs-4.2.4-6.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.