Status: Fixed
Owner:
Closed: Jun 2016
Cc:



Adobe Flash: Overflow in ATF Processing
Project Member Reported by natashenka@google.com, Mar 28 2016
The attached ATF file causes a heap overflow in ATF processing. To reproduce this issue, put LoadImage.swf and test.png on a remote server, and visit http://127.0.0.1/LoadImage.swf?img=test.png.


This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without a broadly available patch, then the bug report will automatically
become visible to the public.

 
LoadImage.swf
1.2 KB
test.png
95 bytes
Project Member Comment 1 by natashenka@google.com, Mar 30 2016
To differentiate this from other ATF issues, this is an overflow in decompressing alphas when an image has a height of 1 pixel. 
Project Member Comment 2 by scvitti@google.com, Mar 31 2016
Labels: -Reported-2016-03-28 Reported-2016-Mar-28
Project Member Comment 3 by natashenka@google.com, May 16 2016
Labels: PSIRT-5026
Project Member Comment 4 by hawkes@google.com, Jun 16 2016
Labels: -Vendor-Flash Vendor-Adobe
Project Member Comment 5 by mjurczyk@google.com, Jun 17 2016
Labels: Fixed-2016-Jun-16 CVE-2016-4135
Status: Fixed
Fixed in https://helpx.adobe.com/security/products/flash-player/apsb16-18.html.
Project Member Comment 6 by natashenka@google.com, Jul 7 2016
Labels: -Restrict-View-Commit