@akallabeth @hac425xxx Does this function accept untrusted input (icon metadata packet) from anywhere or only from an established RDP connection? Trying to assess impact. Thanks.
version
vuln code
update_read_icon_info first reads iconInfo->cbColorTable, iconInfo->cbBitsMask and iconInfo->cbBitsColor from the wStream, and then it checks cbBitsMask and cbBitsColor.
Then it could call Stream_Read to read data from s; the size is cbBitsMask+cbColorTable+cbBitsColor, so when cbBitsMask+cbBitsColor < Stream_GetRemainingLength(s) and cbBitsMask+cbColorTable+cbBitsColor > Stream_GetRemainingLength(s), it could lead to a memory out-of-bounds read.
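The length mismatch described in the report, shown as an added example (not the project's own code and not part of the original issue): a bounds check that sums only two of the three lengths, beside one that sums all three. The types `stream_t` and `icon_lengths_t`, the functions `check_incomplete`, `check_complete` and `overread_bytes`, the 16-bit field widths and the sample lengths are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a packet read cursor; not the project's wStream. */
typedef struct { const uint8_t *p; size_t remaining; } stream_t;

/* The three length fields named in the report (16-bit width is an assumption). */
typedef struct { uint16_t cbColorTable, cbBitsMask, cbBitsColor; } icon_lengths_t;

/* Check as described in the report: cbColorTable is left out of the sum. */
static int check_incomplete(const stream_t *s, const icon_lengths_t *n)
{
    return (size_t)n->cbBitsMask + n->cbBitsColor <= s->remaining;
}

/* Hardened check: every length that is later read is part of the sum. */
static int check_complete(const stream_t *s, const icon_lengths_t *n)
{
    size_t need = (size_t)n->cbBitsMask + n->cbColorTable + n->cbBitsColor;
    return need <= s->remaining;
}

/* Returns -1 if the check rejects the packet, otherwise the number of bytes
 * the three reads would take past the end of the buffer (0 means safe).
 * Nothing is actually read, so the demo itself stays in bounds. */
static long overread_bytes(int (*check)(const stream_t *, const icon_lengths_t *),
                           const stream_t *s, const icon_lengths_t *n)
{
    size_t need = (size_t)n->cbBitsMask + n->cbColorTable + n->cbBitsColor;
    if (!check(s, n))
        return -1;
    return need > s->remaining ? (long)(need - s->remaining) : 0;
}

int main(void)
{
    static const uint8_t payload[32] = {0};   /* constructed sample buffer */
    stream_t s = { payload, sizeof payload };
    icon_lengths_t bad = { 24, 8, 16 };  /* 8+16 <= 32, but 8+24+16 = 48 */
    icon_lengths_t ok  = { 8, 8, 16 };   /* 8+8+16 = 32, fits exactly */

    printf("incomplete check, bad lengths: %ld\n", overread_bytes(check_incomplete, &s, &bad));
    printf("complete check, bad lengths:   %ld\n", overread_bytes(check_complete, &s, &bad));
    printf("complete check, good lengths:  %ld\n", overread_bytes(check_complete, &s, &ok));
    return 0;
}
```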