Endpoint Vulnerability

Memory safety errors in libGLES in the ANGLE graphics library


Security researcher Ronald Crane reported two issues in the libGLES portions of the ANGLE graphics library, used for WebGL and OpenGL content on Windows systems. The first of these is a missing bounds check leading to memory safety errors when manipulating shaders which could result in the writing to unowned memory. The second issue also affects shaders when insufficient memory is allocated for a shader attribute array, leading to a buffer overflow. Both of these issues can lead to a potentially exploitable crash.

Affected Products

Firefox ESR