CVE-2019-18794
Use after free in BASS.dll
Software affected
BASS.DLL <= 2.4.14.1
Description
Use-after-free while parsing an OGG file.
Details
Assembly
The use after free happens at:
bass.dll + 0x11899
Instructions at bass.dll + 0x11899:
call bass+0x10fec
mov ecx,dword ptr [edi+188h]
inc esi
cmp dword ptr [ecx+12h],esi <-- use-after-free read here
Registers:
eax = 0xD5D449
ebx = 0xD5D57C
ecx = 0xD5D5D0
edx = 0x494B
esi = 0xD5D5C0
edi = 0x1
esp = 0xD5D440
ebp = 0xD5D46C
The callstack:
bass.dll + 0x11899
bass.dll + 0x2189A
_BASS_StreamCreateFile