Comodo Antivirus LZX Decompression Heap Overflow

Posted by deepcore on March 24, 2016 – 7:27 am

Lzx_Decoder::init() initializes the vector Lzx_Decoder->window to a fixed size of 2^method bytes, which is then used during Lzx_Decoder::Extract(). It’s possible for LZX compressed streams to exceed this size. Writes to the window buffer are bounds checked, but only after the write is completed.
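
The check-after-write pattern described above, modeled beside a check-before-write form. This is an added example, not Comodo's code and not part of the original post. Every name, the 16-byte window (method = 4) and the guard region that stands in for adjacent heap data are assumptions made so the late check can be observed without a real out-of-bounds access.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { METHOD = 4, WIN_SIZE = 1 << METHOD, GUARD = 8, CANARY = 0xA5 };

/* Hypothetical window model. GUARD bytes after the window stand in for the
 * neighbouring heap data, so the late check can run without real OOB access. */
struct window { uint8_t mem[WIN_SIZE + GUARD]; size_t pos; };
typedef int (*write_fn)(struct window *, const uint8_t *, size_t);

/* Pattern described in the post: store first, validate afterwards. */
static int write_check_after(struct window *w, const uint8_t *src, size_t len) {
    if (w->pos > WIN_SIZE || len > GUARD) return -1; /* model limit only */
    memcpy(w->mem + w->pos, src, len);
    w->pos += len;
    return w->pos <= WIN_SIZE ? 0 : -1;   /* too late: bytes already stored */
}

/* Hardened form: compare against the remaining space before storing.
 * Subtracting avoids overflow in pos + len; pos never exceeds WIN_SIZE here. */
static int write_check_before(struct window *w, const uint8_t *src, size_t len) {
    if (len > WIN_SIZE - w->pos) return -1;
    memcpy(w->mem + w->pos, src, len);
    w->pos += len;
    return 0;
}

/* Issue `chunks` writes of `len` bytes, stop at the first error, and return
 * how many guard bytes were overwritten. */
static size_t guard_damage(write_fn put, size_t chunks, size_t len) {
    static const uint8_t data[WIN_SIZE] = {0};  /* constructed input */
    struct window w = { .pos = 0 };
    size_t hit = 0;
    memset(w.mem + WIN_SIZE, CANARY, GUARD);
    for (size_t i = 0; i < chunks; i++)
        if (put(&w, data, len) != 0) break;
    for (size_t i = 0; i < GUARD; i++)
        hit += (w.mem[WIN_SIZE + i] != CANARY);
    return hit;
}

int main(void) {
    printf("check after : %zu guard bytes overwritten\n", guard_damage(write_check_after, 3, 6));
    printf("check before: %zu guard bytes overwritten\n", guard_damage(write_check_before, 3, 6));
    return 0;
}
```

Both variants report the same error to the caller on the oversized write; only the check-before form reports it with the memory past the window still intact.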

