ChijinZ/security_advisories

GitHub

github.com

Releases0

Stars17

A repository for archiving my vulnerability discoveries.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-30293 ↗	May 6, 2022Friday, 6 May 2022, 05:15	7.5 HIGH	5.1 MEDIUM
In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.
CVE-2021-45483 ↗	Dec 25, 2021Saturday, 25 December 2021, 01:15	6.5 MEDIUM	4.3 MEDIUM
In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Frame::page, a different vulnerability than CVE-2021-30889.
CVE-2021-45482 ↗	Dec 25, 2021Saturday, 25 December 2021, 01:15	6.5 MEDIUM	4.3 MEDIUM
In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::ContainerNode::firstChild, a different vulnerability than CVE-2021-30889.
CVE-2021-45481 ↗	Dec 25, 2021Saturday, 25 December 2021, 01:15	6.5 MEDIUM	4.3 MEDIUM
In WebKitGTK before 2.32.4, there is incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create, leading to a segmentation violation and application crash, a different vulnerability than CVE-2021-30889.
CVE-2020-18428 ↗	Jul 26, 2021Monday, 26 July 2021, 22:15	7.5 HIGH	5 MEDIUM
tinyexr commit 0.9.5 was discovered to contain an array index error in the tinyexr::SaveEXR component, which can lead to a denial of service (DOS).
CVE-2020-18430 ↗	Jul 26, 2021Monday, 26 July 2021, 22:15	7.5 HIGH	5 MEDIUM
tinyexr 0.9.5 was discovered to contain an array index error in the tinyexr::DecodeEXRImage component, which can lead to a denial of service (DOS).
CVE-2018-12503 ↗	Jun 16, 2018Saturday, 16 June 2018, 15:29	—	7.5 HIGH
tinyexr 0.9.5 has a heap-based buffer over-read in LoadEXRImageFromMemory in tinyexr.h.
CVE-2018-12504 ↗	Jun 16, 2018Saturday, 16 June 2018, 15:29	—	5 MEDIUM
tinyexr 0.9.5 has an assertion failure in ComputeChannelLayout in tinyexr.h.
CVE-2018-12064 ↗	Jun 8, 2018Friday, 8 June 2018, 12:29	—	7.5 HIGH
tinyexr 0.9.5 has a heap-based buffer over-read via tinyexr::ReadChannelInfo in tinyexr.h.
CVE-2018-11813 ↗	Jun 6, 2018Wednesday, 6 June 2018, 03:29	—	5 MEDIUM
libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.
CVE-2018-11365 ↗	May 22, 2018Tuesday, 22 May 2018, 04:29	—	5 MEDIUM
sas/readstat_sas7bcat_read.c in libreadstat.a in ReadStat 0.1.1 has an infinite loop.
CVE-2018-11364 ↗	May 22, 2018Tuesday, 22 May 2018, 04:29	—	5 MEDIUM
sav_parse_machine_integer_info_record in spss/readstat_sav_read.c in libreadstat.a in ReadStat 0.1.1 has a memory leak related to an iconv_open call.
CVE-2018-11363 ↗	May 22, 2018Tuesday, 22 May 2018, 04:29	—	5 MEDIUM
jpeg_size in pdfgen.c in PDFGen before 2018-04-09 has a heap-based buffer over-read.
CVE-2018-11212 ↗	May 16, 2018Wednesday, 16 May 2018, 17:29	—	4.3 MEDIUM
An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.
CVE-2018-11214 ↗	May 16, 2018Wednesday, 16 May 2018, 17:29	—	4.3 MEDIUM
An issue was discovered in libjpeg 9a. The get_text_rgb_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.
CVE-2018-11213 ↗	May 16, 2018Wednesday, 16 May 2018, 17:29	—	4.3 MEDIUM
An issue was discovered in libjpeg 9a. The get_text_gray_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.