Showing 1 - 25 of 28

Files from Mark Brand

First Active: 2015-03-18
Last Active: 2018-07-19
Chrome SwiftShader Blitting Floating-Point Precision Errors
Posted Jul 19, 2018
Authored by Google Security Research, Mark Brand

Chrome suffers from floating-point precision errors in SwiftShader blitting.

tags | exploit
MD5 | 7b98d22e3cda5e01a29a389816481305
Chrome SwiftShader OpenGL Texture Binding Reference Count Leak
Posted Jul 19, 2018
Authored by Google Security Research, Mark Brand

Chrome suffers from a reference count leak in SwiftShader OpenGL texture bindings.

tags | exploit
MD5 | 94c654dcb20a0856b832d97f6fed38a0
Chrome SwiftShader Texture Allocation Integer Overflow
Posted Jul 19, 2018
Authored by Google Security Research, Mark Brand

Chrome suffers from an integer overflow vulnerability in SwiftShader texture allocation.

tags | exploit, overflow
MD5 | b3eb960cb7d3278d871332f5993c7d6c
Chrome V8 Object Allocation Size Integer Overflow
Posted May 4, 2018
Authored by Google Security Research, Mark Brand

Chrome V8 suffers from an integer overflow vulnerability in object allocation size.

tags | exploit, overflow
advisories | CVE-2018-6065
MD5 | d354d3af55153261405bf964d6202de1
Pdfium Shading Pattern Out-Of-Bounds Read
Posted Feb 15, 2018
Authored by Google Security Research, Mark Brand

Pdfium suffers from an out-of-bounds read vulnerability with shading pattern backed by pattern colorspace.

tags | exploit
MD5 | e26113bd8551c52b88a243b79666f8aa
Pdfium Pattern Shading Integer Overflow
Posted Feb 15, 2018
Authored by Google Security Research, Mark Brand

Pdfium suffers from integer overflow vulnerabilities in pattern shading.

tags | exploit, overflow, vulnerability
MD5 | 8249e633f7fb1bb2b541a3a9f968bfb2
Pdfium Colorspaces Out-Of-Bounds Read
Posted Feb 15, 2018
Authored by Google Security Research, Mark Brand

Pdfium suffers from an out-of-bounds read vulnerability with nested colorspaces.

tags | advisory
MD5 | 431c828e56dcc082e1091c534174b86f
LG ASFParser::SetMetaData Stack Overflow
Posted Jun 30, 2017
Authored by Google Security Research, Mark Brand

LG suffers from multiple stack overflows in ASFParser::SetMetaData.

tags | exploit, overflow
MD5 | 11032cdfb45063fe394b921e0d88804a
LG ASFParser::ParseHeaderExtensionObjects Missing Bounds Check
Posted Jun 13, 2017
Authored by Google Security Research, Mark Brand

LG has a memcpy in ASFParser::ParseHeaderExtensionObjects that does not check that the size of the copy is smaller than the size of the source buffer, resulting in an out-of-bounds heap read.

tags | exploit
MD5 | cc4a461769ce92dca6a0c1f92a819609
LG CAVIFileParser::Destroy Out-Of-Bounds Heap Read
Posted Jun 13, 2017
Authored by Google Security Research, Mark Brand

LG suffers from an out-of-bounds read in CAVIFileParser::Destroy resulting in an invalid free.

tags | exploit
MD5 | 51ab5dda3b960588d3452a78cee02602
LG AVI Stream Parsing Missing Bounds-Checking
Posted Jun 13, 2017
Authored by Google Security Research, Mark Brand

LG suffers from missing bounds-checking in AVI stream parsing.

tags | exploit
MD5 | a78e9a54318e6e5bb216dc94b8637df3
LG OGMParser::VerifyVorbisHeader Uninitialized Pointer
Posted May 23, 2017
Authored by Google Security Research, Mark Brand

LG has an issue where a malformed OGM file can cause the use of an uninitialized pointer during Vorbis header verification - vorbis_info_clear is called on a vorbis_info structure that has not previously been initialised by a call to vorbis_info_init.

tags | exploit
MD5 | cc75081f5748ec93fe019a15eef25343
LG mkvparser::Tracks Failed Pointer Initialization
Posted May 9, 2017
Authored by Google Security Research, Mark Brand

LG suffers from a failure to initialize a pointer in the mkvparser::Tracks constructor.

tags | exploit
MD5 | 0888abdf84945f9209219f9db48ad8f6
LG mkvparser::Block::Block Heap Buffer Overflows
Posted May 9, 2017
Authored by Google Security Research, Mark Brand

LG suffers from multiple heap buffer overflow vulnerabilities in mkvparser::Block::Block.

tags | exploit, overflow, vulnerability
MD5 | 3d0e37a13001f12db4209248c38a7463
LG liblg_parser_mkv.so Bad Allocation Calls
Posted May 9, 2017
Authored by Google Security Research, Mark Brand

During EBML node parsing, the EBML element_size is used unvalidated to allocate a stack buffer to store the element contents. Since calls to alloca simply compile to a subtraction from the current stack pointer, large sizes can result in memory corruption and potential remote code execution in the mediaserver process. Tested on an LG G4 with firmware MRA58K.

tags | exploit, remote
MD5 | 711c46670019250996b82da037a5b3ab
LG lgdrmserver Race Conditions
Posted Feb 9, 2017
Authored by Google Security Research, Mark Brand

LG suffers from multiple race conditions in the lgdrmserver binder service.

tags | exploit
MD5 | ac7713f9963acc09ade2abd6cafa0ded
LG lghashstorageserver Directory Traversal
Posted Feb 9, 2017
Authored by Google Security Research, Mark Brand

LG suffers from a directory traversal vulnerability in lghashstorageserver.

tags | exploit
MD5 | b3f7e919c94cf82228b1ed65b155ad0b
LG Touchscreen Driver write_log Kernel Read / Write
Posted Feb 9, 2017
Authored by Google Security Research, Mark Brand

The LG touchscreen driver suffers from a write_log kernel read/write vulnerability.

tags | exploit, kernel
MD5 | 1e851e06a7f4f7a39835926ab5d014ad
LG Felica Driver Dangerous set_fs Usage
Posted Feb 9, 2017
Authored by Google Security Research, Mark Brand

The LG Felica driver performs a dangerous set_fs usage.

tags | advisory
MD5 | 9108661250254eadad315d7b7ba1cfd2
Android WifiNative::setHotlist Stack Overflow
Posted Dec 22, 2016
Authored by Google Security Research, Mark Brand

Android suffers from a stack overflow vulnerability in WifiNative::setHotlist.

tags | exploit, overflow
advisories | CVE-2016-6772
MD5 | b761c3665f954faf1df05f42e3ddf58a
Android libutils Heap Buffer Overflow
Posted Sep 8, 2016
Authored by Google Security Research, Mark Brand

Android suffers from an inconsistency between the way that the two functions in libutils/Unicode.cpp handle invalid surrogate pairs in UTF16, resulting in a mismatch between the size calculated by utf16_to_utf8_length and the number of bytes written by utf16_to_utf8. This results in a heap buffer overflow.

tags | exploit, overflow
advisories | CVE-2016-3861
MD5 | ca48cd81170253fac6461c982222bb7a
AppArmor aa_fs_seq_hash_show Reference Count Leak
Posted Jul 28, 2016
Authored by Google Security Research, Mark Brand

AppArmor has a reference count leak in aa_fs_seq_hash_show that can be used to overflow the reference counter and trigger a kernel use-after-free.

tags | exploit, overflow, kernel
MD5 | 91de71cb39c0e5e61e7239423aaa5547
Samsung Android JACK Privilege Escalation
Posted Jul 6, 2016
Authored by Google Security Research, Mark Brand

The usermode audio subsystem for the "Samsung Android Professional Audio" is based on JACK and appears to suffer from a privilege escalation vulnerability.

tags | advisory
systems | linux
MD5 | cb942ef82a22bd3ecbe7f271d98180f2
Samsung Android JACK ASLR Bypass
Posted Jul 6, 2016
Authored by Google Security Research, Mark Brand

The usermode audio subsystem for the "Samsung Android Professional Audio" is based on JACK, which appears to be designed for single-user usage. The common JACK configuration on Linux systems appears to be a JACK server running under the current user account and interacting with JACK clients from the same user account, so there is minimal privilege difference between server and clients. This is not the case on Android, where the JACK service runs as a more privileged user in a less restrictive SELinux domain than the clients that can connect to it. The JACK shared memory implementation uses the struct jack_shm_info_t defined in /common/shm.h for bookkeeping. This struct is stored at the start of every JackShmAble object, so whenever the JACK server creates an object backed by shared memory, it also stores a pointer to that object (in the address space of the JACK server) inside the shared memory itself, allowing a malicious client to bypass ASLR in the JACK server process.

tags | advisory
systems | linux
MD5 | 8288db414362e6a728044ca93ad526bf
Chrome GPU Process MailboxManagerImpl Double Read
Posted Jun 16, 2016
Authored by Google Security Research, Mark Brand

Several functions in the GPU command buffer service interact with the GPU mailbox manager (gpu/command_buffer/service/mailbox_manager_impl.cc), passing a reference to shared memory as the mailbox argument. MailboxManagerImpl does not expect this mailbox argument to be malleable in this way, and in several places it is copied and passed to various STL functions, resulting in unexpected behavior from double reads when an attacker modifies the mailbox name mid-function.

tags | exploit
systems | linux
MD5 | fe0ec225a5e3c3b2535961de5c8c6c37
Page 1 of 2
© 2018 Packet Storm. All rights reserved.