Unrated severityNVD Advisory· Published Jul 9, 2009· Updated Apr 23, 2026
CVE-2009-1725
CVE-2009-1725
Description
WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
Affected products
53cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:*+ 31 more
- cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0.3b:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0.4b:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.1.0b:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.0.0b:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*range: <=4.0.1
- cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:2.0.3:417.8:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:2.0.3:417.9:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:2.0.3:417.9.2:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:2.0.3:417.9.3:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0.0b:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0.1:beta:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0.1b:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0.2b:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*+ 19 more
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*range: <=3.0.1
- cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
33- lists.apple.com/archives/security-announce/2009/Jul/msg00000.htmlnvdPatchVendor Advisory
- support.apple.com/kb/HT3666nvdPatchVendor Advisory
- www.securityfocus.com/bid/35607nvdPatch
- lists.apple.com/archives/security-announce/2009/Sep/msg00001.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.htmlnvd
- osvdb.org/55739nvd
- secunia.com/advisories/35758nvd
- secunia.com/advisories/36057nvd
- secunia.com/advisories/36062nvd
- secunia.com/advisories/36347nvd
- secunia.com/advisories/36677nvd
- secunia.com/advisories/36790nvd
- secunia.com/advisories/37746nvd
- secunia.com/advisories/43068nvd
- support.apple.com/kb/HT3860nvd
- websvn.kde.orgnvd
- websvn.kde.orgnvd
- websvn.kde.orgnvd
- www.debian.org/security/2009/dsa-1950nvd
- www.mandriva.com/security/advisoriesnvd
- www.securitytracker.com/idnvd
- www.ubuntu.com/usn/USN-836-1nvd
- www.ubuntu.com/usn/USN-857-1nvd
- www.vupen.com/english/advisories/2009/1827nvd
- www.vupen.com/english/advisories/2011/0212nvd
- bugzilla.redhat.com/show_bug.cginvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5777nvd
- www.redhat.com/archives/fedora-package-announce/2009-August/msg00931.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2009-August/msg00933.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.htmlnvd
News mentions
0No linked articles in our index yet.