CVE-2011-1798 Information

Description

rendering/svg/RenderSVGText.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 does not properly perform a cast of an unspecified variable during an attempt to handle a block child, which allows remote attackers to cause a denial of service (application crash) or possibly have unknown other impact via a crafted text element in an SVG document.

Reference

http://crbug.com/79595
http://launchpad.net/bugs/778822
http://trac.webkit.org/changeset/84085
