Invalid frees causes heap corruption in gfxImageSurface

ID MFSA2012-23
Type mozilla
Reporter Mozilla Foundation
Modified 2012-04-24T00:00:00


Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG found heap corruption in gfxImageSurface which allows for invalid frees and possible remote code execution. This happens due to a floating-point error that results from graphics values being passed through different number systems.