791 - Adobe Flash: Out-of-bounds read in JXR Processing - project-zero

Starred by 2 users

Status:	Fixed
Owner:	natashenka@google.com
Closed:	May 2016
Cc:	project-...@google.com
Finder-natashenka Deadline-90 CCProjectZeroMembers Product-Flash Severity-High Vendor-Adobe Finder-mjurczyk Reported-2016-Apr-1 label-5087 CVE-2016-1102

Adobe Flash: Out-of-bounds read in JXR Processing

Project Member Reported by natashenka@google.com, Apr 1 2016

Back to list

There is an out-of-bounds read in JXR processing. This issue is probably not exploitable, but could be used an an information leak.

To reproduce the issue, load the attach file '8' using LoadImage.swf as follows:

LoadImage.swf?img=8


This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without a broadly available patch, then the bug report will automatically
become visible to the public.

8
159 bytes View Download

LoadImage.swf
1.2 KB Download

Project Member Comment 1 by natashenka@google.com, Apr 5 2016

Labels: label-5087

Project Member Comment 2 by natashenka@google.com, May 16 2016

Labels: -Restrict-View-Commit CVE-2016-1102

Fixed in May update

Project Member Comment 3 by natashenka@google.com, May 16 2016

Status: Fixed

► Sign in to add a comment