header-logo
Suggest Exploit
vendor:
N/A
by:
Project Zero
4,3
CVSS
MEDIUM
Out of Bounds Read
125
CWE
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2015

Out of Bounds Read when Placing a Corrupt Image

There is an out of bounds read when placing a corrupt image. This issue might be exploitable, depending on what is read. A PoC is attached. To reproduce issue, put both files on a server, and load http://127.0.0.1/LoadImage.swf?img=70

Mitigation:

Ensure that images are validated before being used.
Source

Exploit-DB raw data:

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=794

There is an out of bounds read when placing a corrupt image. This issue might be exploitable, depending on what is read.

A PoC is attached. To reproduce issue, put both files on a server, and load:

http://127.0.0.1/LoadImage.swf?img=70


Proof of Concept:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/39825.zip

Navigation

Suggest Exploit

Services By CQR