
CVE-2012-0667 – Analysis

The vulnerability occurs when parsing a 16-bit integer in the size/length of the impn, imgp and vrsg atoms in a QuickTime movie file.

Basically, it converts the 16-bit integer to a 32-bit integer. Because it is a signed integer, it passes some comparison checks.

Then I think it uses this integer as an “unsigned” in a memory copy operation and that causes the crash.

[Screenshots: impn, compare, crash]
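The bug class described above, as an added C example that is not code from QuickTime or from the original post: a 16-bit length is sign-extended to 32 bits, passes a signed upper-bound check, and becomes a huge value once treated as unsigned. The function names, the `DEST_CAP` size, the field layout and the sample bytes are assumptions constructed for illustration; the flawed function only returns the length a copy would receive and performs no copy.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DEST_CAP 64 /* assumed destination size, not taken from the post */

/* QuickTime atoms store integers big-endian. */
static uint16_t read_be16(const uint8_t *p) {
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Flawed pattern: signed 16-bit field, sign-extended, upper bound only.
 * Returns the byte count a later memcpy would be handed. */
size_t flawed_copy_len(const uint8_t *field) {
    int32_t len = (int16_t)read_be16(field); /* 0xFFF0 becomes -16 */
    if (len > DEST_CAP)                      /* signed compare: -16 passes */
        return 0;
    return (size_t)(uint32_t)len;            /* -16 becomes 0xFFFFFFF0 */
}

/* Hardened pattern: keep the field unsigned and bound it against both the
 * destination capacity and the bytes actually present after the field.
 * Returns 0 after copying, -1 if the length is rejected. */
int checked_copy(uint8_t *dst, size_t dst_cap,
                 const uint8_t *field, size_t avail) {
    if (avail < 2)
        return -1;
    size_t len = read_be16(field);           /* zero-extended */
    if (len > dst_cap || len > avail - 2)
        return -1;
    memcpy(dst, field + 2, len);
    return 0;
}

int main(void) {
    /* Constructed sample fields: 2-byte length followed by payload. */
    const uint8_t bad[]  = {0xFF, 0xF0, 'A', 'B'};
    const uint8_t good[] = {0x00, 0x02, 'A', 'B'};
    uint8_t dst[DEST_CAP];

    printf("flawed length for 0xFFF0: 0x%zx\n", flawed_copy_len(bad));
    printf("checked (bad):  %d\n", checked_copy(dst, sizeof dst, bad, sizeof bad));
    printf("checked (good): %d\n", checked_copy(dst, sizeof dst, good, sizeof good));
    return 0;
}
```

Compiling with `-Wsign-conversion` flags this kind of implicit signed-to-unsigned length conversion when no explicit cast hides it.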

 