New issue
Advanced search Search tips
Starred by 1 user
Status: Fixed
Owner:
Closed: Feb 2017
Cc:



Sign in to add a comment
Adobe Flash: Heap Overflow in YUVPlane decoding
Project Member Reported by natashenka@google.com, Nov 24 2016 Back to list
The attached FLV file causes a heap overflow in YUVPlane decoding.

To reproduce, put LoadMP4.swf and yuvplane.flv on a server, and visit 127.0.0.1/LoadMP4.swf?file=yvplane.flv. 

This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without a broadly available patch, then the bug report will automatically
become visible to the public.

 
yuvplane.flv
221 KB Download
LoadMP4.swf
1.0 KB Download
Project Member Comment 1 by natashenka@google.com, Feb 16 2017
Labels: -Restrict-View-Commit CVE-2017-2986
Fixed in Feb update
Project Member Comment 2 by natashenka@google.com, Feb 16 2017
Status: Fixed
Sign in to add a comment