Bug 506246 (CVE-2009-1709) - CVE-2009-1709 kdegraphics: KSVG Pointer use-after-free error in the SVG animation element (DoS, ACE)
Alias: CVE-2009-1709
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL: http://trac.webkit.org/changeset/32039
Depends On: 506300 506301 506302 506303 833915
Reported: 2009-06-16 11:12 UTC by Jan Lieskovsky
Modified: 2023-07-07 08:28 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed:


External tracker: Red Hat Product Errata RHSA-2009:1130 (Private: 0, Priority: normal, Status: SHIPPED_LIVE)
Summary: Critical: kdegraphics security update
Last Updated: 2009-06-25 16:19:13 UTC

Description Jan Lieskovsky 2009-06-16 11:12:19 UTC
A pointer use-after-free flaw was found in KDE's KSVG Scalable Vector Graphics (SVG) animation element implementation. A remote attacker could use this flaw to cause a denial of service (konqueror crash) or, potentially, execute arbitrary code with the privileges of the user running the "konqueror" web browser, if the victim was tricked into opening a specially-crafted SVG image.


Upstream patch: 


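The bug class described above (an animation element keeping a pointer to a target that the document can free out from under it) and the defensive pattern that closes it, as an added illustration. This is not KSVG or WebKit code and does not reproduce the actual upstream fix; the SvgElement, RawAnimation, WeakAnimation and Document types are hypothetical stand-ins.

```cpp
// Added illustration of the use-after-free class described in this bug.
// This is NOT KSVG or WebKit code; SvgElement / RawAnimation /
// WeakAnimation / Document are hypothetical stand-ins.
#include <cassert>
#include <iostream>
#include <memory>
#include <string>
#include <vector>

struct SvgElement {
    std::string id;
    double opacity = 1.0;
    explicit SvgElement(std::string i) : id(std::move(i)) {}
};

// --- Vulnerable pattern (defined for comparison, never executed below):
// the animation caches a raw pointer to its target with no lifetime
// tracking. Once the document drops the target, the pointer dangles and
// the next tick writes to freed memory.
struct RawAnimation {
    SvgElement* target = nullptr;
    void tick(double t) {
        if (target) target->opacity = t;   // use-after-free if target was deleted
    }
};

// --- Hardened pattern: the animation holds only a weak reference. Each
// tick promotes it to a strong reference; if the target is gone, the tick
// is skipped instead of touching freed memory.
class WeakAnimation {
public:
    explicit WeakAnimation(const std::shared_ptr<SvgElement>& t) : target_(t) {}
    // Returns true if the target was alive and updated, false if it had gone away.
    bool tick(double t) {
        if (auto strong = target_.lock()) {
            strong->opacity = t;
            return true;
        }
        return false;
    }
private:
    std::weak_ptr<SvgElement> target_;
};

// Minimal document: the sole owner of its elements.
class Document {
public:
    std::shared_ptr<SvgElement> add(const std::string& id) {
        elements_.push_back(std::make_shared<SvgElement>(id));
        return elements_.back();
    }
    // Removes the element and drops the document's ownership of it.
    bool remove(const std::string& id) {
        for (auto it = elements_.begin(); it != elements_.end(); ++it) {
            if ((*it)->id == id) { elements_.erase(it); return true; }
        }
        return false;
    }
    size_t size() const { return elements_.size(); }
private:
    std::vector<std::shared_ptr<SvgElement>> elements_;
};

// Drives the scenario: create a target, animate it, remove it from the
// document mid-animation, then tick again. Returns the number of ticks
// that actually touched a live target.
int runScenario() {
    Document doc;
    WeakAnimation anim(doc.add("rect1"));   // only the document owns rect1
    int live = 0;
    if (anim.tick(0.5)) ++live;             // rect1 alive: updated
    doc.remove("rect1");                    // rect1 is freed here
    if (anim.tick(1.0)) ++live;             // safely skipped, no dangling access
    return live;
}

int main() {
    std::cout << "live ticks: " << runScenario() << "\n";  // prints 1
    return 0;
}
```

The same scenario run against RawAnimation would be a write through a dangling pointer; under AddressSanitizer it reports as heap-use-after-free, which is the cheapest way to catch this class in a test suite before it reaches a browser.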
Comment 2 Jan Lieskovsky 2009-06-16 11:14:46 UTC
This issue does NOT affect the version of the kdegraphics package, as shipped
with Red Hat Enterprise Linux 3 and 4.

This issue affects the versions of the kdegraphics package, as shipped
with Red Hat Enterprise Linux 5.

Comment 6 Jan Lieskovsky 2009-06-16 11:44:49 UTC
Upstream bugzilla with more testcases:


Comment 11 errata-xmlrpc 2009-06-25 16:19:16 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2009:1130 https://rhn.redhat.com/errata/RHSA-2009-1130.html

Comment 12 Kevin Kofler 2009-07-25 23:26:53 UTC
This one appears NOT to affect the KDE 4 code in kdelibs/khtml/svg. The WebKit flaw got fixed in April 2008; the SVG code was imported from there to kdelibs (KHTML) in October 2008.

Comment 13 Kevin Kofler 2009-07-26 00:11:19 UTC
For QtWebKit, this apparently got fixed ages ago too. It's definitely fixed in Qt 4.5.2 which got pushed to Fedora updates recently. I didn't check earlier versions.
