WeChat CAudioJBM::InputAudioFrameToJBM Memory Corruption

Roger Wilco Exploits 10 janvier 2020 Affichages : 338

There is a memory corruption vulnerability in audio processing during a voice call in WeChat. When an RTP packet is processed, there is a call to UnpacketRTP. This function decrements the length of the packet by 12 without checking that the packet has at least 12 bytes in it. This leads to a negative packet length. Then, CAudioJBM::InputAudioFrameToJBM will check that the packet size is smaller than the size of a buffer before calling memcpy, but this check (n

Pensée du jour :

Ce que l'homme a fait ,

l'homme peut le défaire.

"No secure path in the world"

WHAT ARE YOU LOOKING FOR?

Popular Tags

WeChat CAudioJBM::InputAudioFrameToJBM Memory Corruption

Follow us on

Most popular

Tiki Wiki CMS Groupware 21.1 Authentication Bypass ≈ Packet Storm

Aimeos Laravel Ecommerce Platform 2021.10 LTS SQL Injection ≈ Packet Storm

Phone Shop Sales Managements System 1.0 Shell Upload ≈ Packet Storm

Monitorr 1.7.6m Authorization Bypass ≈ Packet Storm

OpenSMTPD Out-Of-Bounds Read / Local Privilege Escalation ≈ Packet Storm

Tomato: 1 Vulnhub Walkthrough

Category

Popular Sections

About