![]() Len Gelman Applied Mathematics and Computing School of Engineering Cranfield University Cranfield UK e-mail: ĭOI 10.1007/978-9-1 Springer Dordrecht Heidelberg London New York Ó Springer Science+Business Media B.V. ![]() ![]() This is only exploitable if the color_cache_bits value defines which size to use.Lecture Notes in Electrical Engineering Volume 90Įlectrical Engineering and Applied ComputingĮditors Sio Iong Ao International Association of Engineers Unit 1, 1/F, 37-39 Hung To Road Kwun Tong Hong Kong e-mail: The OOB write to the undersized array happens in ReplicateValue. When BuildHuffmanTable() attempts to fill the second-level tables it may write data out-of-bounds. libwebp allows codes that are up to 15-bit ( MAX_ALLOWED_CODE_LENGTH). The kTableSize array only takes into account sizes for 8-bit first-level table lookups but not second-level table lookups. The color_cache_bits value defines which size to use. An attacker can craft a special WebP lossless file that triggers the ReadHuffmanCodes() function to allocate the HuffmanCode buffer with a size that comes from an array of precomputed sizes: kTableSize. Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.Īffected versions of this package are vulnerable to Heap-based Buffer Overflow when the ReadHuffmanCodes() function is used.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |