Closed GoogleCodeExporter closed 9 years ago
Adobe tracking as PSIRT-3169.
Original comment by cev...@google.com
on 4 Dec 2014 at 4:05
Mark noted that the regex to trigger this new bug bears a certain similarity to
the regex bug that turned up as an 0-day.
(Details of that 0-day are covered in the paper
http://0xfeedface.org/sites/default/files/smashing_the_heap_with_vector_Li.pdf)
Original comment by cev...@google.com
on 4 Dec 2014 at 4:12
cc:ing Yang Dingning, who filed a duplicate issue as
https://code.google.com/p/chromium/issues/detail?id=440205
Original comment by cev...@google.com
on 11 Dec 2014 at 9:28
Supplied another crash poc to adobe.
Original comment by markbr...@google.com
on 18 Dec 2014 at 5:31
Attachments:
Original comment by cev...@google.com
on 4 Feb 2015 at 7:06
https://helpx.adobe.com/security/products/flash-player/apsb15-04.html
Original comment by cev...@google.com
on 6 Feb 2015 at 3:14
Original comment by cev...@google.com
on 12 Feb 2015 at 8:11
Original issue reported on code.google.com by
markbr...@google.com
on 3 Dec 2014 at 8:32Attachments: