The kdegraphics packages contain applications for the K Desktop Environment(KDE). Scalable Vector Graphics (SVG) is an XML-based language to describevector images. KSVG is a framework aimed at implementing the latest W3C SVGspecifications.A use-after-free flaw was found in the KDE KSVG animation elementimplementation. A remote attacker could create a specially-crafted SVGimage, which once opened by an unsuspecting user, could cause a denial ofservice (Konqueror crash) or, potentially, execute arbitrary code with theprivileges of the user running Konqueror. (CVE-2009-1709)A NULL pointer dereference flaw was found in the KDE, KSVG SVGListinterface implementation. A remote attacker could create aspecially-crafted SVG image, which once opened by an unsuspecting user,would cause memory corruption, leading to a denial of service (Konquerorcrash). (CVE-2009-0945)All users of kdegraphics should upgrade to these updated packages, whichcontain backported patches to correct these issues. The desktop must berestarted (log out, then log back in) for this update to take effect.