@akallabeth @hac425xxx Does this function accept untrusted input (icon metadata packet) from anywhere or only from an established RDP connection? Trying to assess impact. Thanks.
version
vuln code
update_read_icon_info first reads iconInfo->cbColorTable, iconInfo->cbBitsMask and iconInfo->cbBitsColor from the wStream, and then it checks cbBitsMask and cbBitsColor.
Then it could call Stream_Read to read data from s, size is cbBitsMask+cbColorTable+cbBitsColor,
so when cbBitsMask+cbBitsColor < Stream_GetRemainingLength(s) and cbBitsMask+cbColorTable+cbBitsColor > Stream_GetRemainingLength(s), it could lead to a memory out-of-bounds read.
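The gap this report describes, shown next to a complete length check, as an added C example that is not FreeRDP's code and not part of the original issue. `stream_t`, `icon_lengths_t` and the helper names are hypothetical stand-ins, the 16-bit field width is an assumption, and the packet bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Minimal stand-in for a read stream (hypothetical, not FreeRDP's wStream). */
typedef struct { const uint8_t *buf; size_t len, pos; } stream_t;

/* Length fields taken from the packet; the 16-bit width is an assumption. */
typedef struct { uint16_t cbColorTable, cbBitsMask, cbBitsColor; } icon_lengths_t;

static size_t remaining(const stream_t *s) { return s->len - s->pos; }

/* Check as the issue describes it: cbColorTable is not counted. */
static int check_incomplete(const stream_t *s, const icon_lengths_t *l) {
    return remaining(s) >= (size_t)l->cbBitsMask + l->cbBitsColor;
}

/* Total of all three fields, summed in size_t so it cannot wrap. */
static size_t payload_size(const icon_lengths_t *l) {
    return (size_t)l->cbBitsMask + l->cbColorTable + l->cbBitsColor;
}

/* Complete check: every length that is read afterwards is counted. */
static int check_complete(const stream_t *s, const icon_lengths_t *l) {
    return remaining(s) >= payload_size(l);
}

/* Copies the payload only if the complete check passes and out is large
 * enough. Returns bytes consumed, or -1 without touching the stream. */
static long read_icon_payload(stream_t *s, const icon_lengths_t *l,
                              uint8_t *out, size_t out_cap) {
    size_t need = payload_size(l);
    if (!check_complete(s, l) || need > out_cap)
        return -1;
    memcpy(out, s->buf + s->pos, need);
    s->pos += need;
    return (long)need;
}

int main(void) {
    static const uint8_t pkt[8] = {0};   /* constructed sample payload */
    stream_t s = { pkt, sizeof pkt, 0 };
    /* 4 + 2 <= 8 bytes left, but 4 + 16 + 2 > 8: the case from the report */
    icon_lengths_t l = { .cbColorTable = 16, .cbBitsMask = 4, .cbBitsColor = 2 };
    uint8_t out[64];
    long n = read_icon_payload(&s, &l, out, sizeof out);
    printf("incomplete=%d complete=%d read=%ld\n",
           check_incomplete(&s, &l), check_complete(&s, &l), n);
    return 0;
}
```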