Security researchers Byoungyoung Lee, Chengyu Song, and Taesoo
Kim at the Georgia Tech Information Security Center (GTISC) reported a
bad casting from the BasicThebesLayer
to
BasicContainerLayer
, resulting in undefined behavior. This behavior
is potentially exploitable with some compilers but no clear mechanism to trigger
it through web content was identified.