Lucene search
BiloulehibouH1:47227HistoryFeb 09, 2015 - 6:36 p.m.
Internet Bug Bounty: Race condition in workers may cause an exploitable double free by abusing bytearray.compress()
2015-02-0918:36:18
biloulehibou
hackerone.com
31
EPSS
0.026
Percentile
90.3%
The issue occurs while sharing a bytearray between two workers. If one worker calls bytearray.compress() while the other uses that bytearray, Flash does not correctly handle the race and may double free the array.
Identified as CVE-2015-0312, and reported to Adobe via Chrome VRP:
https://helpx.adobe.com/security/products/flash-player/apsb15-03.html
Original report with exploit for Chrome:
https://code.google.com/p/chromium/issues/detail?id=436022
Related
prion
prion
Double free
2015-01-28 22:59:00
symantec
symantec
cvelist
cvelist
CVE-2015-0312
2015-01-28 22:00:00
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player Double Free (APSB15-03: CVE-2015-0312)
2015-02-01 00:00:00
ubuntucve
ubuntucve
CVE-2015-0312
2015-01-28 00:00:00
nvd
nvd
CVE-2015-0312
2015-01-28 22:59:01
cve
cve
CVE-2015-0312
2015-01-28 22:59:01
openvas
openvas
nessus
nessus
mageia
mageia
Updated flash-player-plugin packages fix security vulnerabilities
2015-01-28 00:08:29
redhat
redhat
(RHSA-2015:0094) Critical: flash-plugin security update
2015-01-27 00:00:00