
Issue metadata

Status: Fixed
Closed: Sep 2017


Issue 1323: Adobe Flash: Out-of-bounds read in applyToRange

Reported by, Jul 6 2017 Project Member

Issue description

The attached fuzzed file causes an out-of-bounds read in TextFormat.applyToRange.

This bug is subject to a 90 day disclosure deadline. After 90 days elapse
or a patch has been made broadly available, the bug report will become
visible to the public.

Comment 1 by, Sep 25 2017

Project Member
Labels: -Restrict-View-Commit CVE-2017-11282
Status: Fixed (was: New)

Comment 2 by, Sep 27 2017

Hey Natalie, did you fuzz this manually? The SWF looks like you took a section of bytes from the original SWF and overwrote another part of the SWF with it.

Comment 3 by, Sep 29 2017

To anyone interested, we wrote a free micropatch for this vulnerability - just 7 CPU instructions. You can see it in action here: Let us know if you need any help in reproducing the vuln or playing with our micropatch.
