CVE-2009-1709

Published: Jun 10, 2009Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG marker elements, the targetElement attribute, and unspecified "caches."

Affected (34)

Products: Apple: Safari

1 product

Configuration A

22 vulnerable

Vulnerable Software	Affected Versions
Apple Safari	Up to 4.0_beta
Apple Safari	Version 0.8
Apple Safari	Version 0.9
Apple Safari	Version 1.0.3
Apple Safari	Version 1.0
Apple Safari	Version 1.1
Apple Safari	Version 1.2
Apple Safari	Version 1.3.1
Apple Safari	Version 1.3.2
Apple Safari	Version 1.3
Apple Safari	Version 2.0.2
Apple Safari	Version 2.0.4
Apple Safari	Version 2.0
Apple Safari	Version 3.0.2
Apple Safari	Version 3.0.3
Apple Safari	Version 3.0.4
Apple Safari	Version 3.0
Apple Safari	Version 3.1.1
Apple Safari	Version 3.1.2
Apple Safari	Version 3.1
Apple Safari	Version 3.2.1
Apple Safari	Version 3.2.3

Configuration B

12 vulnerable

Vulnerable Software	Affected Versions
Apple Safari	Up to 3.2.3
Apple Safari	Version 3.0.1
Apple Safari	Version 3.0.2
Apple Safari	Version 3.0.3
Apple Safari	Version 3.0.4
Apple Safari	Version 3.0
Apple Safari	Version 3.1.1
Apple Safari	Version 3.1.2
Apple Safari	Version 3.1
Apple Safari	Version 3.2.1
Apple Safari	Version 3.2.2
Apple Safari	Version 3.2

Related CWEs

References (36)

http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html

Source: cve@mitre.org

PatchVendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

Source: cve@mitre.org

http://osvdb.org/55013

Source: cve@mitre.org

http://secunia.com/advisories/35379

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/35576

Source: cve@mitre.org

http://secunia.com/advisories/36461

Source: cve@mitre.org

http://secunia.com/advisories/43068

Source: cve@mitre.org

http://securitytracker.com/id?1022345

Source: cve@mitre.org

http://support.apple.com/kb/HT3613

Source: cve@mitre.org

PatchVendor Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2010:182

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2009-1130.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/35260

Source: cve@mitre.org

http://www.securityfocus.com/bid/35334

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2009/1522

Source: cve@mitre.org

Vendor Advisory

http://www.vupen.com/english/advisories/2011/0212

Source: cve@mitre.org

http://www.zerodayinitiative.com/advisories/ZDI-09-034/

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10162

Source: cve@mitre.org

https://usn.ubuntu.com/823-1/

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/55013

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/35379

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/35576

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/36461

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/43068

Source: af854a3a-2127-422b-91ae-364da2661108

http://securitytracker.com/id?1022345

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT3613

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2010:182

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2009-1130.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/35260

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/35334

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2009/1522

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2011/0212

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.zerodayinitiative.com/advisories/ZDI-09-034/

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10162

Source: af854a3a-2127-422b-91ae-364da2661108

https://usn.ubuntu.com/823-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.