Adobe Flash suffers from an AVC slice decoding crash.
4aab2c6a327dcfd3e4e5ae3793a05ef13051c567e6e7b7095e4080605c3b2550
Adobe Flash suffers from an overflow vulnerability when processing MP4 files.
51908fb3a62f133d2a06ddf711f694d18139b52dca220df228dcd37584a52010
Adobe Flash suffers from a memory corruption vulnerability in video decompression.
6ab77f9cdd155daa4dc1957698507e9e4e763903c61c47078ea8d064042796a5
There is a crash when the AVC decoder in Adobe Flash attempts to free memory, likely indicating memory corruption.
06f1eb077ee1f466f06c46622473b0779c4d14ab7e40da39791e487f6e4b64d7
If a method is called on a MovieClip in Adobe Flash, and a getter is set with the name of the method, the getter will get executed during the call, and can free the MovieClip, leading to a user-after-free.
5297ca949527a1f37c7a68df5d64c04365012ff2f457cbb7ba111a0c2dac12ee
There is an information leak in Adobe Flash in the Transform.colorTranform getter. If the constructor for ColorTransform is overwritten with a getter using addProperty, this getter will execute when fetching the constructor, which can then free the MovieClip containing the Tranform.
7063d81c59980eddcec6a6549e6a9eed2656761e3a99db80b256f91f6bbbdf51
There is a use-after-free in the Adobe Flash MovieClip Transform getter. If the Transform constructor is replaced with a getter using addProperty, this getter can free the MovieClip before it is accessed.
8e0a48ee796dc46bf201b5bec60fb0c2fea4eaaff0ede8662854456151504e5c
There is a use-after-free in Adobe Flash BitmapData.copyPixels. If the method is called on a MovieClip, and the MovieClip is deleted during parameter conversions, it is used to convert future parameters, even though it has already been freed.
0a3401d2588c89c8cb83520304f111cda886ab6b1fa44838fdd32599be2f4efa
Several methods in Adobe Flash return instances of the Rectangle class. There is a use-after-free in creating these objects for return. If the this object of the call is a MovieClip, the Rectangle instantiation will run on its thread. If a getter is added to this class's package, it will be invoked when fetching the rectangle constructor, which can free the method's thread, which will cause the Rectangle constructor to run on a thread which has been freed.
f898e72b34514ad22259dcefdd52f3d177b215cd0242a8842fd2e4e2e609f90c
There is a use-after-free in Adobe Flash Selection.setFocus. It is a static method, but if it is called with a this object, it will be called on that object's thread. Then, if it calls into script, for example, by calling toString on the string parameter, the object, and its thread will be deleted, and a use-after-free occurs.
fa507c4afbb1bc497d0cc5c2a99904cd2a73bd86ee4b1d906ad6cf627872c99b
There is a use-after-free in the Adobe Flash Stage.align property setter. When the setter is called, the parameter is converted to a string early, as a part of the new use-after-free prevention changes. This conversion can invoke script, which if the this object is a MovieClip, can delete the object, deleting the thread the call is made from, which can lead to a use-after-free.
66d1624a35df614e84e05e1f157c0e1769f423cb0522075826d8dfbcf3dae5fe
WebKit suffers from a memory corruption vulnerability in TypedArray.copyWithin.
a1a879392edefe9000a32a0b132faa9914f660c3f5583d951b4ba36dc59d1a5b
WebKit suffers from a memory corruption vulnerability in TypedArray.fill.
dd867b4d358aaa6e14a0d03112c063c2e4ef03e466614c2eb27dcbda6488c1ef
This archive contains an images that causes heap corruption in Adobe Flash due to LMZA property decoding.
b4637f957856cf2b90fc817391db88b8ba409c89663c13b2d689553ce536952b
There is a heap overflow in ATF image packing. The file included in this archive demonstrates the vulnerability.
75949283b275ba71dc670b094f371b7c75020394f96a47c29fb5a1af31f4c0a4
This JXR file causes a heap overflow when loaded in Adobe Flash.
47641153c895e5582ce7bbe51e07e71ce0f609705b429f68ad1cbb2577d62040
This ATF file causes a heap overflow in ATF processing in Adobe Flash.
bdeb9fd0af03716c83afcdffd2dcedb61fcac2b8c16f2ae666d18b689dc5e387
Adobe Flash suffers from a use-after-free vulnerability in addProperty.
1b2c5c8671f279a72c51ff397907b306c28103beaa466105adb2ca954f9d46cf
A malicious mp4 file can cause stack corruption in Adobe Flash.
5c20d0caed9aa474e926c8c2f3fe70234702e7285a0649e165699ff480f97a1e
Adobe Flash suffers from an image reading / ATF processing heap overflow vulnerability.
6ab52e72a9a6a81d884f0790ee76e2e4e5c1fdba6288fdf33faf2133a716494c
Adobe Flash suffers from an overflow vulnerability when processing raw 565 textures.
504aba21194f2136a5269538dd0ff91bcb2d6a8b0436e0fbcbc28e61f0c2733d
Adobe Flash suffers from a use-after-free vulnerability in MovieClip.duplicateMovieClip.
5ad69e7bbae09810ea7b7de4e3e2f4fc3530e0ee1b6ffa6aec93708d76560ae5
Adobe Flash suffers from a use-after-free vulnerability in SetNative.
9a6d96b29070bacd43654cab6667d8d574eb7dce3f26bf0a04dbf82f9fd630a0
Adobe Flash suffers from a type confusion vulnerability in the FileReference constructor.
5e62f6a30d1de905673d6018a206c1cbc61970ba98c19b8f450978889283bbec
Adobe Flash suffers from an out-of-bounds read when placing an object.
334dac2fca295969639dab502bd3035daec81f42b9e1553b9e228ebd6893bd38