AppleAVD AVC_RBSP::parseSliceHeader ref_pic_list_modification Overflow

There is a buffer overflow in how AppleAVD.kext parses the ref_pic_list_modification component of H264 slice headers in AVC_RBSP::parseSliceHeader. When pic modification entries are copied into the pic modification list, the loop terminates only when the end code (3) is encountered, so any number of entries can be copied into the fixed-size modification buffer. This can corrupt the remainder of the decoder structure and can also write outside of allocated memory.
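The missing bound described above, shown as an added example of a defensively written parse loop; this is not Apple's code or its fix. The names, the capacity MAX_MODS, the restriction to codes 0..3 and the sample bitstreams are assumptions made for illustration, and parsing starts after the list's modification flag.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_MODS 32  /* assumed capacity of the fixed-size modification list */
typedef struct { const uint8_t *buf; size_t nbits, pos; } bitreader;
typedef struct { uint32_t idc, value; } pic_mod;
static pic_mod mods[MAX_MODS];

/* Constructed inputs: one entry (idc=1, value=2) then end code; 36 entries, no end code. */
static const uint8_t OK_STREAM[] = {0x4C, 0x80};
static const uint8_t LONG_STREAM[] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF};

/* Read one bit, MSB first; -1 once the data is exhausted. */
static int get_bit(bitreader *br) {
    if (br->pos >= br->nbits) return -1;
    int bit = (br->buf[br->pos >> 3] >> (7 - (br->pos & 7))) & 1;
    br->pos++;
    return bit;
}

/* Decode an unsigned Exp-Golomb value ue(v); -1 if truncated or too large for 32 bits. */
static int read_ue(bitreader *br, uint32_t *out) {
    int zeros = 0, bit;
    while ((bit = get_bit(br)) == 0)
        if (++zeros > 31) return -1;
    if (bit < 0) return -1;
    uint32_t v = 1;
    for (int i = 0; i < zeros; i++) {
        if ((bit = get_bit(br)) < 0) return -1;
        v = (v << 1) | (uint32_t)bit;
    }
    *out = v - 1;
    return 0;
}

/* Returns the number of entries stored, or -1 for a malformed or over-long list. */
int parse_mods(const uint8_t *buf, size_t nbits, pic_mod *list, size_t cap) {
    bitreader br = { buf, nbits, 0 };
    for (size_t n = 0;; n++) {
        uint32_t idc, val;
        if (read_ue(&br, &idc) < 0 || idc > 3) return -1;  /* simplification: only 0..3 */
        if (idc == 3) return (int)n;                        /* end code */
        if (n >= cap) return -1;       /* bound the vulnerable loop did not enforce */
        if (read_ue(&br, &val) < 0) return -1;
        list[n].idc = idc;
        list[n].value = val;
    }
}

int main(void) { return parse_mods(LONG_STREAM, 72, mods, MAX_MODS) == -1 ? 0 : 1; }
```

The capacity check runs before the entry's value is read or stored, so a stream that never sends the end code is rejected at entry MAX_MODS + 1 instead of writing past the list.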

Packet Storm
© 2022 Packet Storm. All rights reserved.