| Name | CVE-2008-1026 |
| Description | Integer overflow in the PCRE regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to execute arbitrary code via a regular expression with large, nested repetition counts, which triggers a heap-based buffer overflow. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| qt4-x11 | source | (unstable) | (not affected) | |||
| webkit | source | (unstable) | 0~svn31841-1 |
- qt4-x11 <not-affected> (vulnerable code not present referring to upstream)
for qt, referring to upstream this only applies to optimized code in safari 3.1
branch and qt 4.4 is based on safari 3.0