Race condition in Flash workers may cause an exploitable double free

Disclosed: 2019-11-12 09:44:15 By biloulehibou To ibb
Unknown
Vulnerability Details
The issue occurs while sharing a bytearray between two workers. If both call bytearray.clear() at the same time, Flash does not correctly handle the race and may double free the array.

Identified as CVE-2014-0574, and reported to Adobe via Chrome VRP: http://helpx.adobe.com/security/products/flash-player/apsb14-24.html

Original report with proof of concept: https://code.google.com/p/chromium/issues/detail?id=423703
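The bug class behind this report, two workers clearing one shared buffer with nothing making "load the pointer, free it, null the field" a single step, is easier to see in a small model than in the Flash runtime. The C below is an added example, not the report's proof of concept, Chromium's, or Adobe's code: it replays the losing interleaving deterministically (both workers read the same pointer before either nulls it) and sets it beside a hardened clear that claims the pointer with one atomic exchange so only one worker ever frees it. All names (shared_buffer, unsafe_clear_*, safe_clear, tracked_free) are hypothetical, and the tracking free() wrapper exists only so the double free shows up as a count instead of an allocator abort.

```c
/* Added example (not from the HackerOne report, the Chromium bug or Adobe):
 * a model of the bug class described above. Names are hypothetical. */
#include <stdatomic.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* tracked_free(): counts releases per pointer and passes only the first one
 * to the allocator, so a double free is observable as a count of 2 rather
 * than a crash. Table size is enough for this demo only. */
#define MAX_TRACKED 16
static struct { void *ptr; int frees; } tracked[MAX_TRACKED];
static int tracked_count;

static int tracked_free(void *p) {
    if (p == NULL) return 0;
    for (int i = 0; i < tracked_count; i++)
        if (tracked[i].ptr == p) return ++tracked[i].frees;  /* second release */
    if (tracked_count < MAX_TRACKED) {
        tracked[tracked_count].ptr = p;
        tracked[tracked_count].frees = 1;
        tracked_count++;
    }
    free(p);
    return 1;
}

static void tracked_reset(void) { tracked_count = 0; }

/* The shared object: one backing store visible to both workers. */
typedef struct {
    _Atomic(uint8_t *) data;
} shared_buffer;

static void buffer_init(shared_buffer *b, size_t len) {
    atomic_init(&b->data, (uint8_t *)malloc(len));
}

/* Vulnerable pattern, split into its two steps. Each access is atomic on its
 * own, but nothing ties "load pointer" to "free it and null the field", so
 * two workers can both load the same pointer before either nulls it. */
static uint8_t *unsafe_clear_load(shared_buffer *b) {
    return atomic_load(&b->data);
}

static int unsafe_clear_release(shared_buffer *b, uint8_t *p) {
    int n = tracked_free(p);
    atomic_store(&b->data, (uint8_t *)NULL);
    return n;
}

/* Replays the losing interleaving: both workers load before either releases.
 * Returns how many times the single block was freed (2 = double free). */
int race_unsafe_clear(void) {
    tracked_reset();
    shared_buffer b;
    buffer_init(&b, 64);
    uint8_t *p1 = unsafe_clear_load(&b);   /* worker 1 reads data */
    uint8_t *p2 = unsafe_clear_load(&b);   /* worker 2 reads the same data */
    unsafe_clear_release(&b, p1);          /* worker 1 frees it */
    return unsafe_clear_release(&b, p2);   /* worker 2 frees it again */
}

/* Hardened clear: claim the pointer with one atomic exchange, then free only
 * what was claimed. Whichever worker swaps first owns the block; the other
 * receives NULL and frees nothing, in every possible interleaving. */
static int safe_clear(shared_buffer *b) {
    uint8_t *mine = atomic_exchange(&b->data, (uint8_t *)NULL);
    return tracked_free(mine);   /* 0 when there was nothing left to release */
}

/* Same two-worker scenario under the hardened clear; returns total frees (1). */
int race_safe_clear(void) {
    tracked_reset();
    shared_buffer b;
    buffer_init(&b, 64);
    int total = safe_clear(&b);   /* worker 1 wins the swap and frees */
    total += safe_clear(&b);      /* worker 2 swaps out NULL, frees nothing */
    return total;
}
```

The design point is that a mutex is one valid fix, but the smaller invariant is "only the worker that successfully swaps the field to NULL may free the old value"; a single atomic exchange enforces that and makes a repeated clear() harmless rather than a double free.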
Report Stats
  • Report ID: 37240
  • State: Closed
  • Substate: resolved
  • Upvotes: 13