11 lines
No EOL
419 B
Text
11 lines
No EOL
419 B
Text
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=794
|
|
|
|
There is an out of bounds read when placing a corrupt image. This issue might be exploitable, depending on what is read.
|
|
|
|
A PoC is attached. To reproduce issue, put both files on a server, and load:
|
|
|
|
http://127.0.0.1/LoadImage.swf?img=70
|
|
|
|
|
|
Proof of Concept:
|
|
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/39825.zip |