New issue
Advanced search Search tips
ListGrid
Loading...
  ID Type  Status  Priority  Milestone  Owner  Summary + Labels ...
  116 ---- Fixed ---- ---- cevans@google.com Flash heap buffer overflow calling Camera.copyToByteArray() with a large ByteArray CCProjectZeroMembers  
  207 ---- Fixed ---- ---- cevans@google.com Flash: use-after-free in display list handling from KeenTeam CCProjectZeroMembers  
  209 ---- Fixed ---- ---- cevans@google.com Flash: bad cast(?) in display list handling from KeenTean CCProjectZeroMembers  
  210 ---- Fixed ---- ---- cevans@google.com Flash: bad cast during garbage collection from KeenTeam CCProjectZeroMembers  
  237 ---- Fixed ---- ---- cevans@google.com Flash: use-after-free(?) in bitmap decoding(?) from KeenTeam CCProjectZeroMembers  
  238 ---- Fixed ---- ---- cevans@google.com Flash: AGAL information leak from KeenTeam CCProjectZeroMembers  
  239 ---- Fixed ---- ---- cevans@google.com Flash: out-of-bounds write in shader handling CCProjectZeroMembers  
  278 ---- Fixed ---- ---- cevans@google.com Flash: broker-based sandbox escape via forward slash instead of backslash CCProjectZeroMembers  
  279 ---- Fixed ---- ---- cevans@google.com Flash: broker-based sandbox escape via unexpected directory lock CCProjectZeroMembers  
  280 ---- Fixed ---- ---- cevans@google.com Flash: broker-based sandbox escape via timing attack against file moving CCProjectZeroMembers  
  302 ---- Fixed ---- ---- cevans@google.com Security: Flash Player Integer Overflow in Function.apply CCProjectZeroMembers  
  303 ---- Fixed ---- ---- cevans@google.com Security: Use After Free in Flash AVSS.setSubscribedTags can cause memory corruption CCProjectZeroMembers  
  316 ---- Fixed ---- ---- cevans@google.com Flash: Uninitialized stack variable while parsing an MPD file can corrupt memory CCProjectZeroMembers  
  326 ---- Fixed ---- ---- cevans@google.com Flash: Issues in DefineBitsLossless and DefineBitsLossless2 leads to using uninitialized memory while rendering a picture CCProjectZeroMembers  
  330 ---- Fixed ---- ---- cevans@google.com Flash: AS2 Use After Free in TextField.filters (again) CCProjectZeroMembers  
  342 ---- Fixed ---- ---- cevans@google.com Flash AS2 Use After Free while setting TextField.filters CCProjectZeroMembers  
  349 ---- Fixed ---- ---- cevans@google.com Flash: use-after-free in display list handling from KEEN Team, round 2 CCProjectZeroMembers  
  354 ---- Fixed ---- ---- cevans@google.com Flash: Boundless Tunes - universal SOP bypass through ActionSctipt's Sound object CCProjectZeroMembers  
  358 ---- Fixed ---- ---- cevans@google.com Flash AS2 Use After Free in DisplacementMapFilter.mapBitmap CCProjectZeroMembers  
  359 ---- Fixed ---- ---- cevans@google.com Flash UAF with MovieClip.scrollRect in AS2 CCProjectZeroMembers  
  367 ---- Fixed ---- ---- cevans@google.com Flash UAF with Color.setRGB in AS2 CCProjectZeroMembers  
  377 ---- Fixed ---- ---- cevans@google.com Flash AS2 Use After Free in DisplacementMapFilter.mapBitmap (#2) CCProjectZeroMembers  
  378 ---- Fixed ---- ---- cevans@google.com Flash: out-of-bounds read in UTF conversion CCProjectZeroMembers  
  444 ---- Fixed ---- ---- cevans@google.com Flash AS2 Use After Free in TextField.filters (again and again) CCProjectZeroMembers  
  454 ---- Invalid ---- ---- forshaw@google.com Windows: wdmaud.drv/Microsoft GS Wavetable Synth Memory Corruption/OOB Read CCProjectZeroMembers  
  472 ---- Fixed ---- ---- cevans@google.com Adobe Flash: Use-after-free in ByteArray Operator[] CCProjectZeroMembers  
  473 ---- Fixed ---- ---- cevans@google.com atmfd NamedEscape(0x2514) buffer-underflow vulnerability CCProjectZeroMembers