11 lines
No EOL
438 B
Text
11 lines
No EOL
438 B
Text
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=794
|
|
|
|
There is an out of bounds read when placing a corrupt image. This issue might be exploitable, depending on what is read.
|
|
|
|
A PoC is attached. To reproduce issue, put both files on a server, and load:
|
|
|
|
http://127.0.0.1/LoadImage.swf?img=70
|
|
|
|
|
|
Proof of Concept:
|
|
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/39825.zip |