Starred by 4 users
Status: Fixed
Closed: Aug 2015



Flash: wild pointer in button handling
Reported by cevans@google.com, May 20 2015
The attached sample, signal_sigsegv_7ffff60a1429_9554_f4dc661554237404dfe394d4c6c3e674.swf, crashes in this manner on Linux x64:

=> 0x00007f693158481f:	movzbl (%rcx),%r11d
rcx            0x3102ffffecfd	53888954658045

The base sample from which this fuzz case was generated is also attached. We believe this may be related to button handling.


This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without a broadly available patch, then the bug report will automatically
become visible to the public.

 
f4dc661554237404dfe394d4c6c3e674.swf
367 KB Download
signal_sigsegv_7ffff60a1429_9554_f4dc661554237404dfe394d4c6c3e674.swf
367 KB Download
Comment 1 by cevans@google.com, May 26 2015
Labels: Id-3733
PSIRT-3733
Project Member Comment 2 by natashenka@google.com, Aug 11 2015
Labels: CVE-2015-5547
Status: Fixed
Project Member Comment 4 by natashenka@google.com, Aug 18 2015
Labels: -Restrict-View-Commit