WebKit in Apple Safari before 5.0 or Apple iTunes before 9.2 does not properly handle libxml contexts, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to an "API abuse issue."