Race condition in Flash workers may cause an exploitable double free
Internet Bug Bounty
Reported by
biloulehibou
Vulnerability Details
Technical details and impact analysis
The issue occurs while sharing a ByteArray between two workers. If both call bytearray.clear() at the same time, Flash does not correctly handle the race and may double free the array.
Identified as CVE-2014-0574, and reported to Adobe via Chrome VRP:
http://helpx.adobe.com/security/products/flash-player/apsb14-24.html
Original report with proof of concept:
https://code.google.com/p/chromium/issues/detail?id=423703
Related CVEs
Associated Common Vulnerabilities and Exposures
CVE-2014-0574
UNKNOWN
Double free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified …
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Weakness
Memory Corruption - Generic