Cvjark/Poc

GitHub

github.com

Unavailable

This project is no longer available (or publicly accessible) from GitHub

Releases0

记录自己使用 fuzz 发现的漏洞，包括产品 version、reproduce 步骤、威胁 rank。也自觉发现这些 POC 并不是重点，可能往后有进一步分析的必要，因此在此记录。

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-35059 ↗	Oct 14, 2022Friday, 14 October 2022, 12:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0414.
CVE-2022-35055 ↗	Oct 14, 2022Friday, 14 October 2022, 12:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0473.
CVE-2022-35056 ↗	Oct 14, 2022Friday, 14 October 2022, 12:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0478.
CVE-2022-35058 ↗	Oct 14, 2022Friday, 14 October 2022, 12:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b05ce.
CVE-2022-35049 ↗	Oct 14, 2022Friday, 14 October 2022, 12:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b03b5.
CVE-2022-35047 ↗	Oct 14, 2022Friday, 14 October 2022, 12:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b05aa.
CVE-2022-35044 ↗	Oct 14, 2022Friday, 14 October 2022, 12:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x617087.
CVE-2022-35046 ↗	Oct 14, 2022Friday, 14 October 2022, 12:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0466.
CVE-2022-35048 ↗	Oct 14, 2022Friday, 14 October 2022, 12:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0b2c.
CVE-2022-35045 ↗	Oct 14, 2022Friday, 14 October 2022, 12:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0d63.
CVE-2022-35050 ↗	Oct 14, 2022Friday, 14 October 2022, 12:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b04de.
CVE-2022-35051 ↗	Oct 14, 2022Friday, 14 October 2022, 12:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b55af.
CVE-2022-35052 ↗	Oct 14, 2022Friday, 14 October 2022, 12:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b84b1.
CVE-2022-35053 ↗	Oct 14, 2022Friday, 14 October 2022, 12:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x61731f.
CVE-2022-35054 ↗	Oct 14, 2022Friday, 14 October 2022, 12:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6171b2.
CVE-2022-35040 ↗	Oct 14, 2022Friday, 14 October 2022, 12:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b5567.
CVE-2022-35043 ↗	Oct 14, 2022Friday, 14 October 2022, 12:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c08a6.
CVE-2022-35042 ↗	Oct 14, 2022Friday, 14 October 2022, 12:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x4adb11.
CVE-2022-35041 ↗	Oct 14, 2022Friday, 14 October 2022, 12:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b558f.
CVE-2022-35080 ↗	Oct 13, 2022Thursday, 13 October 2022, 12:15	5.5 MEDIUM	—
SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via png_load at /lib/png.c.
CVE-2022-35081 ↗	Oct 13, 2022Thursday, 13 October 2022, 12:15	5.5 MEDIUM	—
SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via png_read_header at /src/png2swf.c.
CVE-2022-35091 ↗	Sep 23, 2022Friday, 23 September 2022, 18:15	5.5 MEDIUM	—
SWFTools commit 772e55a2 was discovered to contain a floating point exception (FPE) via DCTStream::readMCURow() at /xpdf/Stream.cc.ow()
CVE-2022-35092 ↗	Sep 23, 2022Friday, 23 September 2022, 18:15	5.5 MEDIUM	—
SWFTools commit 772e55a2 was discovered to contain a segmentation violation via convert_gfxline at /gfxpoly/convert.c.
CVE-2022-35095 ↗	Sep 23, 2022Friday, 23 September 2022, 18:15	5.5 MEDIUM	—
SWFTools commit 772e55a2 was discovered to contain a segmentation violation via InfoOutputDev::type3D1 at /pdf/InfoOutputDev.cc.
CVE-2022-35093 ↗	Sep 23, 2022Friday, 23 September 2022, 18:15	5.5 MEDIUM	—
SWFTools commit 772e55a2 was discovered to contain a global buffer overflow via DCTStream::transformDataUnit at /xpdf/Stream.cc.
CVE-2022-35099 ↗	Sep 23, 2022Friday, 23 September 2022, 18:15	5.5 MEDIUM	—
SWFTools commit 772e55a2 was discovered to contain a stack overflow via ImageStream::getPixel(unsigned char*) at /xpdf/Stream.cc.
CVE-2022-35096 ↗	Sep 23, 2022Friday, 23 September 2022, 18:15	5.5 MEDIUM	—
SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via draw_stroke at /gfxpoly/stroke.c.
CVE-2022-35097 ↗	Sep 23, 2022Friday, 23 September 2022, 18:15	5.5 MEDIUM	—
SWFTools commit 772e55a2 was discovered to contain a segmentation violation via FoFiTrueType::writeTTF at /xpdf/FoFiTrueType.cc.
CVE-2022-35098 ↗	Sep 23, 2022Friday, 23 September 2022, 18:15	5.5 MEDIUM	—
SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via GfxICCBasedColorSpace::getDefaultColor(GfxColor*) at /xpdf/GfxState.cc.
CVE-2022-35094 ↗	Sep 23, 2022Friday, 23 September 2022, 18:15	5.5 MEDIUM	—
SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via DCTStream::readHuffSym(DCTHuffTable*) at /xpdf/Stream.cc.
CVE-2022-35032 ↗	Sep 22, 2022Thursday, 22 September 2022, 17:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6b6a8f.
CVE-2022-35030 ↗	Sep 22, 2022Thursday, 22 September 2022, 17:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fe954.
CVE-2022-35038 ↗	Sep 22, 2022Thursday, 22 September 2022, 17:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b064d.
CVE-2022-35037 ↗	Sep 22, 2022Thursday, 22 September 2022, 17:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6adb1e.
CVE-2022-35036 ↗	Sep 22, 2022Thursday, 22 September 2022, 17:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e1fc8.
CVE-2022-35035 ↗	Sep 22, 2022Thursday, 22 September 2022, 17:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b559f.
CVE-2022-35034 ↗	Sep 22, 2022Thursday, 22 September 2022, 17:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e7e3d.
CVE-2022-35039 ↗	Sep 22, 2022Thursday, 22 September 2022, 17:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e20a0.
CVE-2022-35031 ↗	Sep 22, 2022Thursday, 22 September 2022, 17:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x703969.
CVE-2022-35029 ↗	Sep 22, 2022Thursday, 22 September 2022, 17:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6babea.
CVE-2022-35025 ↗	Sep 22, 2022Thursday, 22 September 2022, 17:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x5266a8.
CVE-2022-35028 ↗	Sep 22, 2022Thursday, 22 September 2022, 17:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fbbb6.
CVE-2022-35027 ↗	Sep 22, 2022Thursday, 22 September 2022, 17:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fe9a7.
CVE-2022-35026 ↗	Sep 22, 2022Thursday, 22 September 2022, 17:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fbc0b.
CVE-2022-35022 ↗	Sep 22, 2022Thursday, 22 September 2022, 17:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6badae.
CVE-2022-35023 ↗	Sep 22, 2022Thursday, 22 September 2022, 17:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a segmentation violation via /lib/x86_64-linux-gnu/libc.so.6+0xbb384.
CVE-2022-35021 ↗	Sep 22, 2022Thursday, 22 September 2022, 17:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a global buffer overflow via /release-x64/otfccdump+0x718693.
CVE-2022-35024 ↗	Sep 22, 2022Thursday, 22 September 2022, 17:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a segmentation violation via /multiarch/memmove-vec-unaligned-erms.S.
CVE-2022-35089 ↗	Sep 21, 2022Wednesday, 21 September 2022, 00:15	5.5 MEDIUM	—
SWFTools commit 772e55a2 was discovered to contain a heap-buffer-overflow via getTransparentColor at /home/bupt/Desktop/swftools/src/gif2swf.
CVE-2022-35085 ↗	Sep 21, 2022Wednesday, 21 September 2022, 00:15	5.5 MEDIUM	—
SWFTools commit 772e55a2 was discovered to contain a memory leak via /lib/mem.c.
CVE-2022-35090 ↗	Sep 21, 2022Wednesday, 21 September 2022, 00:15	5.5 MEDIUM	—
SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via __asan_memcpy at /asan/asan_interceptors_memintrinsics.cpp:.
CVE-2022-35088 ↗	Sep 21, 2022Wednesday, 21 September 2022, 00:15	5.5 MEDIUM	—
SWFTools commit 772e55a2 was discovered to contain a heap buffer-overflow via getGifDelayTime at /home/bupt/Desktop/swftools/src/src/gif2swf.c.
CVE-2022-35087 ↗	Sep 21, 2022Wednesday, 21 September 2022, 00:15	5.5 MEDIUM	—
SWFTools commit 772e55a2 was discovered to contain a segmentation violation via MovieAddFrame at /src/gif2swf.c.
CVE-2022-35086 ↗	Sep 21, 2022Wednesday, 21 September 2022, 00:15	5.5 MEDIUM	—
SWFTools commit 772e55a2 was discovered to contain a segmentation violation via /multiarch/memmove-vec-unaligned-erms.S.
CVE-2022-35070 ↗	Sep 19, 2022Monday, 19 September 2022, 22:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x65fc97.
CVE-2022-35064 ↗	Sep 19, 2022Monday, 19 September 2022, 22:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x4adcdb in __asan_memset.
CVE-2022-35063 ↗	Sep 19, 2022Monday, 19 September 2022, 22:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e41a8.
CVE-2022-35065 ↗	Sep 19, 2022Monday, 19 September 2022, 22:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x65f724.
CVE-2022-35069 ↗	Sep 19, 2022Monday, 19 September 2022, 22:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b544e.
CVE-2022-35068 ↗	Sep 19, 2022Monday, 19 September 2022, 22:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e420d.
CVE-2022-35067 ↗	Sep 19, 2022Monday, 19 September 2022, 22:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e41b0.
CVE-2022-35062 ↗	Sep 19, 2022Monday, 19 September 2022, 22:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0bc3.
CVE-2022-35066 ↗	Sep 19, 2022Monday, 19 September 2022, 22:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e41b8.
CVE-2022-35061 ↗	Sep 19, 2022Monday, 19 September 2022, 22:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e412a.
CVE-2022-35060 ↗	Sep 19, 2022Monday, 19 September 2022, 22:15	6.5 MEDIUM	—
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0a32.
CVE-2022-35020 ↗	Aug 29, 2022Monday, 29 August 2022, 14:15	5.5 MEDIUM	—
Advancecomp v2.3 was discovered to contain a heap buffer overflow via the component __interceptor_memcpy at /sanitizer_common/sanitizer_common_interceptors.inc.
CVE-2022-35019 ↗	Aug 29, 2022Monday, 29 August 2022, 14:15	5.5 MEDIUM	—
Advancecomp v2.3 was discovered to contain a segmentation fault.
CVE-2022-35018 ↗	Aug 29, 2022Monday, 29 August 2022, 14:15	5.5 MEDIUM	—
Advancecomp v2.3 was discovered to contain a segmentation fault.
CVE-2022-35014 ↗	Aug 29, 2022Monday, 29 August 2022, 14:15	5.5 MEDIUM	—
Advancecomp v2.3 contains a segmentation fault.
CVE-2022-35017 ↗	Aug 29, 2022Monday, 29 August 2022, 14:15	5.5 MEDIUM	—
Advancecomp v2.3 was discovered to contain a heap buffer overflow.
CVE-2022-35016 ↗	Aug 29, 2022Monday, 29 August 2022, 14:15	5.5 MEDIUM	—
Advancecomp v2.3 was discovered to contain a heap buffer overflow.
CVE-2022-35015 ↗	Aug 29, 2022Monday, 29 August 2022, 14:15	5.5 MEDIUM	—
Advancecomp v2.3 was discovered to contain a heap buffer overflow via le_uint32_read at /lib/endianrw.h.