Changes

9 bytes added, 01:38, 12 April 2017
Line 184: Line 184:  
| [[Nintendo 3DS Sound]]
 
| [[Nintendo 3DS Sound]]
 
| When a .m4a is loaded, the song name is copied to a 256 byte buffer. When the song name begins with a Unicode BOM marker, it memcpy's the tag using the user-provided length. This gives an arbitrary write which can be used to achieve ROP.
 
| When a .m4a is loaded, the song name is copied to a 256 byte buffer. When the song name begins with a Unicode BOM marker, it memcpy's the tag using the user-provided length. This gives an arbitrary write which can be used to achieve ROP.
| None
+
| [[11.4.0-37]]
| [[11.2.0-35]]
+
| [[11.4.0-37]]
 
| June/July 2016
 
| June/July 2016
 
| [[User:nedwill|nedwill]]
 
| [[User:nedwill|nedwill]]
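Review bot: the two changed cells, previously `| None` and `| [[11.2.0-35]]`, now both read `| [[11.4.0-37]]`, and the revision shows no edit summary saying how that version was verified. The table header is outside this hunk, so a reader of the diff cannot tell which cell records the fix and which records the last version tested. Please state in the edit summary what was checked on 11.4.0-37. The unchanged summary cell still describes the memcpy with the user-provided length into the 256 byte buffer in the present tense. If this edit marks the flaw as fixed, a short clause there saying what changed (for example, that the length is now bounded) would keep the row self-consistent.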