Flash: use-after-free in video decoding
Reported by cevans@google.com, Jun 9 2015
There is an apparent use-after-free in video decoding, which can be manifested by running a specific SWF file, e.g. http://localhost/video_uaf.swf

Where the SWF may be downloaded here in a zip: https://drive.google.com/open?id=0B-_usSLlqH60SU1IR3EtTjBFdUU&authuser=0
(The file is too big to attach here)
The zip is public but this password is not: 39e96d70b540650b

Unfortunately, the issue takes a while to manifest. You should observe the Flash process running at 100% CPU, after which it will terminate with an access violation. Sample crash traces to follow.

This bug is subject to a 90 day disclosure deadline. If 90 days elapse without a broadly available patch, then the bug report will automatically become visible to the public.
Comment 1 by cevans@google.com, Jun 9 2015

Jun 10 2015
PSIRT-3804

Aug 21 2015

Sep 21 2015
Fixed in APSB15-23

Mar 21 2016