LG ASFParser::ParseHeaderExtensionObjects Missing Bounds Check

LG has a memcpy in ASFParser::ParseHeaderExtensionObjects that does not check that the size of the copy is smaller than the size of the source buffer, resulting in an out-of-bounds heap read.

Leave a Reply