superuser5 / google-security-research

Automatically exported from code.google.com/p/google-security-research
0 stars 0 forks source link

Adobe Flash: Overflow in ID3 Tag Parsing #443

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
If an mp3 file contains compressed ID3 data that is larger than 0x2aaaaaaa 
bytes, an integer overflow will occur in allocating the buffer to contain its 
converted string data, leading to a large copy into a small buffer. A sample 
fla, swf and mp3 are attached. Put id34.swf and tag.mp3 in the same folder to 
reproduce the issue. This issue only works on 64 bit platforms.

This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without a broadly available patch, then the bug report will automatically
become visible to the public.

Original issue reported on code.google.com by natashe...@google.com on 13 Jun 2015 at 12:46

Attachments:

GoogleCodeExporter commented 9 years ago

Original comment by natashe...@google.com on 11 Aug 2015 at 3:15

GoogleCodeExporter commented 9 years ago

Original comment by natashe...@google.com on 18 Aug 2015 at 7:43