CVE-2009-1725 — Out-of-bounds Write in Apple Iphone OS

CWE-1897 documents6 sources

Severity

9.3CRITICALNVD

EPSS

12.2%

top 6.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple Safari

Timeline

PublishedJul 9

Latest updateMay 2

Description

WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDapple/iphone_os3.0.1+20

▶NVDapple/safari4.0.1+26

Patches

Patch: lists.apple.com ↗Patch: support.apple.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-6h8h-64g5-rgv5: WebKit in Apple Safari before 4↗2022-05-02

▶

OSV

CVE-2009-1725: WebKit in Apple Safari before 4↗2009-07-09

▶

📋Vendor Advisories

Ubuntu

Qt vulnerabilities↗2009-11-10

▶

Ubuntu

WebKit vulnerabilities↗2009-09-23

▶

Red Hat

qt-4.5.2: improper handling of numeric character references (ACE, DoS)↗2009-07-25

▶

💬Community

Bugzilla

CVE-2009-1725 kdelibs KHTML, WebKit-gtk, qt-4.5.2: improper handling of numeric character references (ACE, DoS)↗2009-07-26

▶