by injinj
1598 days ago
It looks like the input word is using the lodsd instruction, loading a 4-byte word, instead of a ptr increment, which could cause a 3-byte OOB read if the last byte was at address 1. I believe this is used in millions of builds, since it's been around for 20 years and Windows has a culture of WinZip-style software not packaged by Microsoft, but by a lone programmer trying to get by with donations. Do you have a specific exploit description? Mark Adler can remove or mark it unsafe on the GitHub repo given a reason.
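The over-read described in the comment above, as an added example that is not part of the original post and not the code under discussion: a fixed 4-byte load issued at the last input byte touches 3 bytes past the buffer, while a refill bounded by the remaining length does not. All names (`overread_bytes`, `bitreader`, `refill_bounded`, `take_bits`) and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: bytes outside buf[0..len) that a `width`-byte load
   starting at `pos` would touch (lodsd is a fixed 4-byte load). */
size_t overread_bytes(size_t pos, size_t len, size_t width) {
    if (pos >= len) return width;
    size_t avail = len - pos;
    return width > avail ? width - avail : 0;
}

/* Illustrative LSB-first bit accumulator over a bounded input buffer. */
struct bitreader {
    const uint8_t *buf;
    size_t len, pos;   /* invariant: pos <= len */
    uint64_t hold;     /* unread bits */
    unsigned bits;     /* valid bits in hold */
};

/* Refill with up to 4 bytes, never more than remain in the buffer.
   Returns the number of bytes consumed. */
size_t refill_bounded(struct bitreader *br) {
    if (br->bits > 32) return 0;          /* keep every shift below 64 */
    size_t n = br->len - br->pos;
    if (n > 4) n = 4;
    for (size_t i = 0; i < n; i++) {
        br->hold |= (uint64_t)br->buf[br->pos + i] << br->bits;
        br->bits += 8;
    }
    br->pos += n;
    return n;
}

/* Take n (<= 32) bits; returns -1 once the input is exhausted. */
int take_bits(struct bitreader *br, unsigned n, uint32_t *out) {
    if (br->bits < n) refill_bounded(br);
    if (br->bits < n) return -1;
    *out = (uint32_t)(br->hold & ((1ULL << n) - 1));
    br->hold >>= n;
    br->bits -= n;
    return 0;
}

int main(void) {
    const uint8_t in[5] = {0x78, 0x56, 0x34, 0x12, 0xAB}; /* constructed */
    struct bitreader br = {in, sizeof in, 0, 0, 0};
    uint32_t v = 0;
    take_bits(&br, 32, &v);
    printf("word=%08x; a 4-byte load at pos %zu would over-read %zu bytes\n",
           (unsigned)v, br.pos, overread_bytes(br.pos, br.len, 4));
    printf("bounded refill consumed %zu byte(s)\n", refill_bounded(&br));
    return 0;
}
```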