635 - Adobe Flash: Heap Overflow in ATF Processing - project-zero

Starred by 1 user

Status:	Fixed
Owner:	natashenka@google.com
Closed:	Feb 2016
Cc:	project-...@google.com
CVE-2016-0971 Finder-natashenka Deadline-90 Reported-2015-Nov-23 Label-4339 Finder-hawkes CCProjectZeroMembers Product-Flash Severity-High Vendor-Adobe Finder-mjurczyk

Adobe Flash: Heap Overflow in ATF Processing

Project Member Reported by natashenka@google.com, Nov 23 2015

Back to list

The attached file causes a crash due to a heap overflow, probably due to an issue in ATF processing by the URLStream class.

This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without a broadly available patch, then the bug report will automatically
become visible to the public.

write.swf
68 bytes Download

Project Member Comment 1 by natashenka@google.com, Nov 30 2015

Labels: Label-4339

This is PSIRT-4339

Project Member Comment 2 by mjurczyk@google.com, Feb 12 2016

Labels: -Finder-natashenk Finder-natashenka

Project Member Comment 3 by natashenka@google.com, Feb 17 2016

Labels: -Restrict-View-Commit CVE-2016-0971
Status: Fixed

Fixed in Feb update.

► Sign in to add a comment