CVE Database · CVE-2009-1698
CVSS v3.1
N/A
EPSS
8.46%
Published
Jun 10, 2009
Modified
Apr 22, 2026
Public PoC / Exploit (1)
All weaponized →Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
Weaknesses (CWE)
Affected Products (62)
References (20)
...and 12 more
