Flash: bad cast during garbage collection from KeenTeam

Reported by cevans@google.com, Dec 3 2014
Credit is to "Jihui Lu of KeenTeam (@K33nTeam), working with the Chromium vulnerability reward program"

Flash player 15.0.0.239 in Chrome 39 Linux x64.

This looks like a bad cast. For example on Linux x64 in Chrome the crash is deterministic:

=> 0x00007f78dd2a7bd1: mov (%rdi),%rax
%rdi == 0x400000000

On other builds, I see a crash dereferencing 0x0000ffff8000.

I also attach apparent variants.

This bug is subject to a 90 day disclosure deadline. If 90 days elapse without a broadly available patch, then the bug report will automatically become visible to the public.

Comment 1 by cevans@google.com, Dec 4 2014

Dec 4 2014
Adobe tracking as PSIRT-3167

Feb 4 2015

Feb 6 2015
https://helpx.adobe.com/security/products/flash-player/apsb15-04.html

Feb 12 2015

May 6 2015
Reward tracking: https://code.google.com/p/chromium/issues/detail?id=470749