Source: https://code.google.com/p/google-security-research/issues/detail?id=627

The attached swf file causes an out-of-bounds memset in BlurFilter processing. Note that Chrome aborts when processing the swf


Proof of Concept:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/39219.zip