Vulnerability details: VCID-yhcg-yqrd-aaaq
Vulnerability ID VCID-yhcg-yqrd-aaaq
Aliases CVE-2009-0945
Summary Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products, allows remote attackers to execute arbitrary code via a document with an SVGPathList data structure containing a negative index in the (1) SVGTransformList, (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList SVGList object, which triggers memory corruption.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
System Score Found at
rhas Critical https://access.redhat.com/errata/RHSA-2009:1130
epss 0.06145 https://api.first.org/data/v1/epss?cve=CVE-2009-0945
epss 0.07651 https://api.first.org/data/v1/epss?cve=CVE-2009-0945
epss 0.08802 https://api.first.org/data/v1/epss?cve=CVE-2009-0945
epss 0.09177 https://api.first.org/data/v1/epss?cve=CVE-2009-0945
epss 0.11718 https://api.first.org/data/v1/epss?cve=CVE-2009-0945
epss 0.12999 https://api.first.org/data/v1/epss?cve=CVE-2009-0945
rhbs urgent https://bugzilla.redhat.com/show_bug.cgi?id=506703
cvssv2 9.3 https://nvd.nist.gov/vuln/detail/CVE-2009-0945
Reference id Reference type URL
http://code.google.com/p/chromium/issues/detail?id=9019
http://googlechromereleases.blogspot.com/2009/05/stable-update-bug-fix.html
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
http://lists.apple.com/archives/security-announce/2009/May/msg00000.html
http://lists.apple.com/archives/security-announce/2009/May/msg00001.html
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0945.json
https://api.first.org/data/v1/epss?cve=CVE-2009-0945
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0945
http://secunia.com/advisories/35056
http://secunia.com/advisories/35074
http://secunia.com/advisories/35095
http://secunia.com/advisories/35576
http://secunia.com/advisories/35805
http://secunia.com/advisories/36062
http://secunia.com/advisories/36461
http://secunia.com/advisories/36790
http://secunia.com/advisories/37746
http://secunia.com/advisories/43068
https://exchange.xforce.ibmcloud.com/vulnerabilities/50477
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11584
http://support.apple.com/kb/HT3549
http://support.apple.com/kb/HT3550
http://support.apple.com/kb/HT3639
https://usn.ubuntu.com/823-1/
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00303.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html
http://www.debian.org/security/2009/dsa-1950
http://www.redhat.com/support/errata/RHSA-2009-1130.html
http://www.securityfocus.com/archive/1/503594/100/0/threaded
http://www.securityfocus.com/bid/34924
http://www.securitytracker.com/id?1022207
http://www.ubuntu.com/usn/USN-822-1
http://www.ubuntu.com/usn/USN-836-1
http://www.ubuntu.com/usn/USN-857-1
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
http://www.vupen.com/english/advisories/2009/1297
http://www.vupen.com/english/advisories/2009/1298
http://www.vupen.com/english/advisories/2009/1321
http://www.vupen.com/english/advisories/2009/1621
http://www.vupen.com/english/advisories/2011/0212
http://www.zerodayinitiative.com/advisories/ZDI-09-022
506703 https://bugzilla.redhat.com/show_bug.cgi?id=506703
532718 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532718
CVE-2009-0945 https://nvd.nist.gov/vuln/detail/CVE-2009-0945
RHSA-2009:1130 https://access.redhat.com/errata/RHSA-2009:1130
USN-822-1 https://usn.ubuntu.com/822-1/
USN-836-1 https://usn.ubuntu.com/836-1/
USN-857-1 https://usn.ubuntu.com/857-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2009-0945
Exploit Prediction Scoring System (EPSS)
Percentile 0.93752
EPSS Score 0.06145
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.