CESA-2009-010 - rev 1

[See all my vulnerabilities at http://scary.beasts.org/security]

[Blog, if you want to subscribe to new findings, is at http://scarybeastsecurity.blogspot.com/]

WebKit off-by-one heap overflow

Programs affected: WebKit consumers (Safari, Chrome etc).
Severity: Possible code execution (within sandbox depending on browser).

The bug is best described with the simple patch that fixes it:


For further technical considerations on 1-byte heap overflows, I enjoyed this paper at BlackHat Vegas 2009:


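The patch for the WebKit bug is not reproduced on this page, so the following is a constructed illustration added here, not WebKit code and not the actual bug: a classic one-byte heap overflow in which a copy loop uses `<=` instead of `<` and so writes the terminator one byte past the end of the buffer when the input exactly fills it. The allocation is deliberately made one byte larger than the buffer's nominal capacity, with a sentinel in that extra byte standing in for whatever the allocator placed next (the first byte of a neighbouring object, or chunk metadata), so that the clobbering can be observed without undefined behaviour. The function names, the 16-byte capacity and the sample strings are all assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Nominal usable size of the buffer; chosen for this example only. */
enum { CAP = 16 };

/* Vulnerable (constructed, not WebKit): the length check rejects len > cap
 * but not len == cap, and the loop bound is <=, so for a source of exactly
 * cap bytes the NUL terminator lands at dst[cap], one byte past the buffer. */
static size_t copy_off_by_one(uint8_t *dst, size_t cap, const char *src)
{
    size_t len = strlen(src);
    if (len > cap)              /* off by one: len == cap slips through */
        len = cap;
    size_t i;
    for (i = 0; i <= len; i++)  /* bug: <= copies src[len] (the NUL) to dst[len] */
        dst[i] = (uint8_t)src[i];
    return i;                   /* bytes written, terminator included */
}

/* Fixed form: account for the terminator before copying, so the payload is
 * at most cap - 1 bytes and dst[len] is always inside the buffer. */
static size_t copy_fixed(uint8_t *dst, size_t cap, const char *src)
{
    size_t len = strlen(src);
    if (len >= cap)             /* need len + 1 <= cap */
        len = cap - 1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return len + 1;
}

/* Runs one copy routine into a chunk that has a sentinel byte immediately
 * after its nominal capacity (modelling the adjacent heap object) and
 * returns 1 if that sentinel was overwritten, 0 if not, -1 on malloc failure. */
static int neighbour_clobbered(size_t (*copy)(uint8_t *, size_t, const char *),
                               const char *src)
{
    uint8_t *chunk = malloc(CAP + 1);   /* CAP usable bytes + 1 sentinel byte */
    if (!chunk)
        return -1;
    memset(chunk, 0, CAP);
    chunk[CAP] = 0xAA;                  /* stands in for the next object's first byte */
    copy(chunk, CAP, src);
    int clobbered = chunk[CAP] != 0xAA;
    free(chunk);
    return clobbered;
}

int main(void)
{
    /* Constructed inputs: one string that exactly fills the buffer, one shorter. */
    const char *exact = "0123456789ABCDEF";
    const char *small = "short";
    printf("buggy copy, %zu-byte input, neighbour clobbered: %d\n",
           strlen(exact), neighbour_clobbered(copy_off_by_one, exact));
    printf("buggy copy, %zu-byte input, neighbour clobbered: %d\n",
           strlen(small), neighbour_clobbered(copy_off_by_one, small));
    printf("fixed copy, %zu-byte input, neighbour clobbered: %d\n",
           strlen(exact), neighbour_clobbered(copy_fixed, exact));
    return 0;
}
```

The point to take from the example is that the overflow only fires on one precise input length, which is why such bugs survive ordinary testing: every shorter input behaves correctly, and the single corrupted byte is the terminator (a zero), which is exactly the kind of primitive the paper referenced above treats as sufficient for exploitation when the neighbouring heap object is attacker-chosen.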
Long since fixed in the latest Apple / Chrome updates.

Chris Evans