CVE-2009-1725

Description

WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

How to fix CVE-2009-1725

To remediate CVE-2009-1725, upgrade the affected package to a fixed version below.

• Debian/qt4-x11—upgrade to 4:4.5.2-2 or later

Is CVE-2009-1725 being exploited?

Moderate — EPSS is 12.2%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 4:4.5.2-2

References (33)

• ADVISORYsecunia.com/advisories/35758
• ADVISORYsecunia.com/advisories/36057
• ADVISORYsecunia.com/advisories/36062
• ADVISORYsecunia.com/advisories/36347
• ADVISORYsecunia.com/advisories/36677