Users of kdegraphics please be advised of a code execution crash vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
Amplify’d from www.criticalwatch.com
MDVSA-2010:182: [MDVSA-2010:182] kdegraphics code execution, crash
Problem Description:
A vulnerability has been found and corrected in kdegraphics (ksvg):
Use-after-free vulnerability in the garbage-collection implementation
in WebCore in WebKit in Apple Safari before 4.0 allows remote
attackers to execute arbitrary code or cause a denial of service
(heap corruption and application crash) via an SVG animation element,
related to SVG set objects, SVG marker elements, the targetElement
attribute, and unspecified caches. (CVE-2009-1709)
Read more at www.criticalwatch.com
See this Amp at http://bit.ly/avkzfz
No comments:
Post a Comment