magicislab/google-security-research
Automatically exported from code.google.com/p/google-security-research
SKIA ICO decoding information leak
#255
GoogleCodeExporter
closed
9 years ago
3
[deleted issue]
#254
GoogleCodeExporter
closed
9 years ago
0
Flash: out-of-bounds write with mp4 file missing a track (alternate mp4 parser)
#253
GoogleCodeExporter
closed
9 years ago
4
Android BitmapFactory.decodeStream JPG allocPixelRef integer overflow
#252
GoogleCodeExporter
closed
9 years ago
3
Flash: memory corruption with mp4 file with lots of "trex" tags
#251
GoogleCodeExporter
closed
9 years ago
4
[deleted issue]
#250
GoogleCodeExporter
closed
9 years ago
0
[deleted issue]
#249
GoogleCodeExporter
closed
9 years ago
0
[deleted issue]
#248
GoogleCodeExporter
closed
9 years ago
0
[deleted issue]
#247
GoogleCodeExporter
closed
9 years ago
0
Flash: out-of-bounds write with mp4 file missing a track
#246
GoogleCodeExporter
closed
9 years ago
4
Windows: NtCreateTransactionManager Type Confusion Elevation of Privilege
#245
GoogleCodeExporter
closed
9 years ago
7
Adobe Flash: Setting ConvolutionFilter.matrix can write to memory that has already been freed
#244
GoogleCodeExporter
closed
9 years ago
4
[deleted issue]
#243
GoogleCodeExporter
closed
9 years ago
0
[deleted issue]
#242
GoogleCodeExporter
closed
9 years ago
0
OS X sandbox escape due to multiple heap corruption bugs in fontd (FODBReviveFromDumpFile)
#241
GoogleCodeExporter
closed
9 years ago
4
Windows: DosDevices Impersonation Elevation of Privilege
#240
GoogleCodeExporter
closed
9 years ago
7
[deleted issue]
#239
GoogleCodeExporter
closed
9 years ago
0
[deleted issue]
#238
GoogleCodeExporter
closed
9 years ago
0
Flash: use-after-free(?) in bitmap decoding(?) from KeenTeam
#237
GoogleCodeExporter
closed
9 years ago
5
[deleted issue]
#236
GoogleCodeExporter
closed
9 years ago
0
OS X sandbox escape due to heap corruption in fontd (SwapHFSName)
#235
GoogleCodeExporter
closed
9 years ago
3
Android BitmapFactory.decodeStream 9patch PNG heap overflow
#234
GoogleCodeExporter
closed
9 years ago
2
OS X sandbox escape due to heap corruption in fontd (AGSwapAttributeGroup)
#233
GoogleCodeExporter
closed
9 years ago
5
OS X sandbox escape due to fontd trusting client-supplied pointers
#232
GoogleCodeExporter
closed
9 years ago
3
Mongoose Web Server - Multiple integer issues
#231
GoogleCodeExporter
closed
9 years ago
4
[deleted issue]
#230
GoogleCodeExporter
closed
9 years ago
0
Type Confusion in NetConnection ASnative
#229
GoogleCodeExporter
closed
9 years ago
6
[deleted issue]
#228
GoogleCodeExporter
closed
9 years ago
0
Flash UaF due to unrooted Atom array used during JSON stringification
#227
GoogleCodeExporter
closed
9 years ago
5
Microsoft Office 2007/2010 RTF callout drawing primitive memory corruption
#226
GoogleCodeExporter
closed
9 years ago
2
Flash PCRE regex compilation extended unicode comment arbitrary bytecode execution
#225
GoogleCodeExporter
closed
9 years ago
4
[deleted issue]
#224
GoogleCodeExporter
closed
9 years ago
0
Flash heap buffer overflow when stringifying Proxy objects
#223
GoogleCodeExporter
closed
9 years ago
7
Windows: Local WebDAV NTLM Reflection Elevation of Privilege
#222
GoogleCodeExporter
closed
9 years ago
14
OS X+iOS IOKit kernel code execution due to bad cast when using kernel c++ reflection in IOSurfaceRoot
#221
GoogleCodeExporter
closed
9 years ago
9
Windows: AppInfo AiCheckSecureApplicationDirectory Bypass
#220
GoogleCodeExporter
closed
9 years ago
9
Windows: NtUserGetClipboardAccessToken Token Leak
#219
GoogleCodeExporter
closed
9 years ago
4
Flash heap buffer overflow due to integer overflow in JSON.stringify
#218
GoogleCodeExporter
closed
9 years ago
5
[deleted issue]
#217
GoogleCodeExporter
closed
9 years ago
0
Flash PCRE regex compilation recursion offset arbitrary bytecode execution
#216
GoogleCodeExporter
closed
9 years ago
6
Windows: Registry Virtualization TOCTOU User Check
#215
GoogleCodeExporter
closed
9 years ago
8
OS X IOKit kIOMapReadOnly read-only kernel shared memory bypass leading to kernel memory corruption bug in IOAccelContext2
#214
GoogleCodeExporter
closed
9 years ago
6
Windows: Console Driver Job Object Process Limit Bypass
#213
GoogleCodeExporter
closed
9 years ago
6
NVidia Windows Display Driver: Admin Impersonation Check Bypass
#212
GoogleCodeExporter
closed
9 years ago
4
FreeType 2.5.4 Type42 parsing invalid free in "t42_parse_sfnts"
#211
GoogleCodeExporter
closed
9 years ago
4
Flash: bad cast during garbage collection from KeenTeam
#210
GoogleCodeExporter
closed
9 years ago
5
Flash: bad cast(?) in display list handling from KeenTeam
#209
GoogleCodeExporter
closed
9 years ago
7
Flash PCRE pcre_compile character class/ims options heap overflow
#208
GoogleCodeExporter
closed
9 years ago
7
Flash: use-after-free in display list handling from KeenTeam
#207
GoogleCodeExporter
closed
9 years ago
8
Windows: Limited Bypass of Traverse Permissions in Kernel Object Manager
#206
GoogleCodeExporter
closed
9 years ago
2