Adobe Flash - JXR Processing Out-of-Bounds Read

EDB-ID:

39824




Platform:

Multiple

Date:

2016-05-17


Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=791

There is an out-of-bounds read in JXR processing. This issue is probably not exploitable, but could be used an an information leak.

To reproduce the issue, load the attach file '8' using LoadImage.swf as follows:

LoadImage.swf?img=8


Proof of Concept:
https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/39824.zip