Chrome suffers from a use-after-free vulnerability in the RenderProcessHostImpl binding for P2PSocketDispatcherHost.
11fb3cadf252944e7b29e9069845929d7d4986f025488c7c0c80f5dc9b88bb27Chrome suffers from a use-after-free vulnerability in RenderFrameHostImpl::CreateMediaStreamDispatcherHost.
fb031633c01be0530ba93f915787ad97df1516fb4d5cc8dcbb8d0b436e7ca99aChrome has missing validation in the deserialization routines for both DataPipeConsumerDispatcher and DataPipeProducerDispatcher, which take from the incoming message a read_offset/write_offset respectively into shared memory. Providing an offset outside the bounds of the allocated memory will then result in an out-of-bounds read/write when the pipe is used.
d1c10f2bf9feaa3822d838795ee22e210b6fbe031a801f2821a9365aceb1fd14Chrome suffers from floating-point precision errors in Swiftshader blitting.
55329bd2920eaa9d39110322696bef158e0b340f65c27b63cceed9585601bc64Chrome suffers from a reference count leak in SwiftShader OpenGL texture bindings.
04d325a817231ab9f0764272b559378b2d3fe10f9b33e17341521360cd5f6b9eChrome suffers from an integer overflow vulnerability in Swiftshader texture allocation.
6587e8951f4e79c87ecd7b6a16fa91a40d27b5f94453f1ea87b0a9789512a6beChrome V8 suffers from an integer overflow vulnerability in object allocation size.
ff8f6ea3f286a12d25b238442f6fc1ab337a443b0622cd2b2f518a85f646b577Pdfium suffers from an out-of-bounds read vulnerability with shading pattern backed by pattern colorspace.
02680f03b5081f40044a2e4ca25561b68960dcd1b645e45aa7c8482ac2740d08Pdfium suffers from integer overflow vulnerabilities in pattern shading.
4d935fa943fbc44b9937952cadde9af1947020b1ac363f12570b622bf6f56911Pdfium suffers from an out-of-bounds read vulnerability with nested colorspaces.
12f03767c9d43e8a501e1d3a1b41c4dd55373be4fd2eac5418f3d65528b4290bLG suffers from multiple stack overflows in ASFParser::SetMetaData.
ea05f7a62253726acc0eb18d46ed9849a18b0dea1654d3211310564f7f79f2feLG has a memcpy in ASFParser::ParseHeaderExtensionObjects that does not check that the size of the copy is smaller than the size of the source buffer, resulting in an out-of-bounds heap read.
f690404919f0a56a0dd98b93cd9b75a9a17ac070cdca41f9c04a645106020710LG suffers from an out-of-bounds read in CAVIFileParser::Destroy resulting in an invalid free.
e54d8c51552352c69f73028dd3cbee2a68b6c2a64636ec156800c503f8ab68c3LG suffers from missing bounds-checking in AVI stream parsing.
ec3fc745f417d2de9b9dce5c94d09646f9d3ceda294aaff7c9b7c300791ac34dLG has an issue where a malformed OGM file can cause the use of an uninitialized pointer during Vorbis header verification - vorbis_info_clear is called on a vorbis_info structure that has not previously been initialised by a call to vorbis_info_init.
afdfbc4dd8683cc760fb99fd28315f8ac51c68ca61a0fb1a2f850952b9060614LG suffers from a failure to initialize pointer in the mkvparser::Tracks constructor.
dc1f3e39b2a0f4669be5404225183524e54f78ef582455769f350076b5800172LG suffers from multiple heap buffer overflow vulnerabilities in mkvparser::Block::Block.
702a3130b0cc9fea19b21e7a228efefb25a5c5f5d437d3d4311fb47fdbfe04b2During EBML node parsing the EBML element_size is used unvalidated to allocate a stack buffer to store the element contents. Since calls to alloca simply compile to a subtraction from the current stack pointer, for large sizes this can result in memory corruption and potential remote-code-execution in the mediaserver process. Tested on an LG-G4 with firmware MRA58K.
fead583452cca3b0aff0b1e5d1c60e83a1131d969e79b214c620dd57f7a19180LG suffers from multiple race conditions in the lgdrmserver binder service.
be6c413b89ac32bcdb0c689df2c59416465d14d481fc1615f3cafe3398e28ea0LG suffers from a directory traversal vulnerability in lghashstorageserver.
f7a34bf7c168e20f4a7fd368c21c610d968b5bed75d7c9560db40322db15a24eThe LG touchscreen driver suffers from a write_log kernel read/write vulnerability.
61461a11943fec44113f7932a220f759798d2e2dfc1f4238a9bfc6237175a26cThe LG Felica driver performs a dangerous set_fs usage.
5f2a0992eeb78e5f0e7011970487e4721cea768002f4fe1d89ffc9765b2c9f11Android suffers from a stack overflow vulnerability in WifiNative::setHotlist.
cd3a91f7963d6333306d556e62ac5339d4d9c7785ac58b5b1dbe108c918528b9Android suffers from an inconsistency between the way that the two functions in libutils/Unicode.cpp handle invalid surrogate pairs in UTF16, resulting in a mismatch between the size calculated by utf16_to_utf8_length and the number of bytes written by utf16_to_utf8. This results in a heap buffer overflow.
96cc80081d5dd685082f852a3e7f67d2a383203aa882b75afb5e24b6591cb0a8AppArmor has a reference count leak in aa_fs_seq_hash_show that can be used to overflow the reference counter and trigger a kernel use-after-free.
aeb4adc2c9454e00e280467d5afe605088bc235c957b16c9ba2883396aeb3993
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed