CVE-2022-22675: AppleAVD Overflow in AVC_RBSP::parseHRD
Original Post:
We discussed this vulnerability during Episode 148 on 24 May 2022
On its own, this is a pretty simple overflow. There is a buffer that can hold up to 32 elements, but the value used to determine how many elements to copy is not bounded and can be as high as 255, leading to an overflow into other members. The overflow does not extend into other allocations on the heap, which potentially makes exploitation a bit more tricky.
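The missing check, sketched as an added example (this is not AppleAVD code or code from the original post). The struct layout, the function name `hrd_parse_checked`, and the one-byte count with 32-bit elements are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HRD_MAX_ENTRIES 32  /* buffer capacity stated in the write-up */

/* Hypothetical layout; the real AppleAVD structure is not shown on the page. */
struct hrd_params {
    uint8_t  count;
    uint32_t entries[HRD_MAX_ENTRIES];
    uint32_t other_members[4];  /* stand-in for the fields after the array */
};

/* Constructed input format (assumption): one count byte, then `count`
 * little-endian 32-bit values. The vulnerable pattern is the same loop
 * without the bound check, so a count of up to 255 writes past entries[31]. */
int hrd_parse_checked(struct hrd_params *out, const uint8_t *buf, size_t len)
{
    if (len < 1) return -1;
    unsigned count = buf[0];
    if (count > HRD_MAX_ENTRIES) return -1;      /* bound against capacity */
    if (len - 1 < (size_t)count * 4) return -1;  /* input is truncated */

    uint32_t tmp[HRD_MAX_ENTRIES] = {0};
    for (unsigned i = 0; i < count; i++) {
        const uint8_t *p = buf + 1 + 4 * (size_t)i;
        tmp[i] = (uint32_t)p[0] | (uint32_t)p[1] << 8 |
                 (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    }
    /* Commit only after full validation, so a rejected stream leaves *out untouched. */
    memcpy(out->entries, tmp, sizeof tmp);
    out->count = (uint8_t)count;
    return 0;
}

int main(void)
{
    struct hrd_params p = {0};
    uint8_t oversized[1 + 255 * 4];              /* constructed sample input */
    memset(oversized, 0x41, sizeof oversized);
    oversized[0] = 255;
    printf("count=255 -> %d\n", hrd_parse_checked(&p, oversized, sizeof oversized));
    return 0;
}
```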