Issues - project-zero - Project Zero

ListGrid

1 - 55 of 55

ID ▼	Type ▼	Status ▼	Priority ▼	Milestone ▼	Owner ▼	Summary + Labels ▼
89	----	Fixed	----	----	hawkes@google.com	Linux kernel hid-logitech-dj.c device_index arbitrary kfree CCProjectZeroMembers
90	----	Fixed	----	----	hawkes@google.com	Linux kernel hid-logitech-dj.c logi_dj_ll_raw_request heap overflow CCProjectZeroMembers
91	----	Fixed	----	----	hawkes@google.com	Linux kernel HID report fixup multiple off-by-one issues CCProjectZeroMembers
107	----	Fixed	----	----	hawkes@google.com	Microsoft Office 2007 TTDeleteEmbeddedFont handle double delete CCProjectZeroMembers
108	----	Fixed	----	----	hawkes@google.com	Microsoft Office 2007 lcbPlcffndTxt/fcPlfguidUim memory corruption CCProjectZeroMembers
110	----	Fixed	----	----	hawkes@google.com	Microsoft Office 2007 PapxFkp rgbx bOffset memory corruption CCProjectZeroMembers
111	----	Fixed	----	----	hawkes@google.com	Microsoft Office 2007 VBA ExtendedControl use-after-free CCProjectZeroMembers
117	----	Fixed	----	----	hawkes@google.com	Microsoft Office 2007 MsoDrawingGroup rgChildRec invalid GlobalFree CCProjectZeroMembers
119	----	Fixed	----	----	hawkes@google.com	Microsoft Office 2007 BoundSheet dt use-after-free CCProjectZeroMembers
129	----	Fixed	----	----	hawkes@google.com	Microsoft Office 2007 dispatch table out-of-bounds function call CCProjectZeroMembers
132	----	Fixed	----	----	hawkes@google.com	Microsoft Office 2007 shape drawing object use-after-free CCProjectZeroMembers
170	----	Fixed	----	----	hawkes@google.com	Microsoft Office 2007 malformed document stack-based buffer overflow CCProjectZeroMembers
171	----	Fixed	----	----	hawkes@google.com	Microsoft Office 2007 OneTableDocumentStream invalid object CCProjectZeroMembers
226	----	Fixed	----	----	hawkes@google.com	Microsoft Office 2007/2010 RTF callout drawing primitive memory corruption CCProjectZeroMembers
230	----	Fixed	----	----	hawkes@google.com	Microsoft Office 2007 RTF XML SmartTags use-after-free CCProjectZeroMembers
234	----	Fixed	----	----	hawkes@google.com	Android BitmapFactory.decodeStream 9patch PNG heap overflow CCProjectZeroMembers
252	----	Fixed	----	----	hawkes@google.com	Android BitmapFactory.decodeStream JPG allocPixelRef integer overflow CCProjectZeroMembers
255	----	Fixed	----	----	hawkes@google.com	SKIA ICO decoding information leak CCProjectZeroMembers
308	----	Fixed	----	----	hawkes@google.com	Microsoft Office 2007 WordPerfect Memory Corruption CCProjectZeroMembers
315	----	Fixed	----	----	hawkes@google.com	Microsoft Office WordPerfect Invalid Copy Destination CCProjectZeroMembers
317	----	Duplicate	----	----	hawkes@google.com	Microsoft Office WordPerfect Invalid XOR CCProjectZeroMembers
361	----	Fixed	----	----	mjurczyk@google.com	Adobe Flash out-of-bounds memory read while parsing a mutated SWF file CCProjectZeroMembers
362	----	Fixed	----	----	mjurczyk@google.com	Adobe Flash out-of-bounds memory read while parsing a mutated SWF file CCProjectZeroMembers
363	----	Fixed	----	----	mjurczyk@google.com	Adobe Flash out-of-bounds memory read while parsing a mutated TTF file embedded in SWF CCProjectZeroMembers
376	----	Fixed	----	----	hawkes@google.com	Android media sonivox XMF heap corruption CCProjectZeroMembers
378	----	Fixed	----	----	cevans@google.com	Flash: out-of-bounds read in UTF conversion CCProjectZeroMembers
396	----	Fixed	----	----	cevans@google.com	Flash: wild pointer crash in drawing and bitmap handling CCProjectZeroMembers
397	----	Fixed	----	----	cevans@google.com	Flash: wild pointer crash after continuing slow script CCProjectZeroMembers
398	----	Fixed	----	----	cevans@google.com	Flash: bad dereference at 0x23c on Linux x64 CCProjectZeroMembers
399	----	Fixed	----	----	cevans@google.com	Flash: wild pointer in button handling CCProjectZeroMembers
400	----	Fixed	----	----	cevans@google.com	Flash: wild pointer crash in XML handling CCProjectZeroMembers
410	----	Fixed	----	----	hawkes@google.com	Adobe Flash URL Resource Use-after-free CCProjectZeroMembers
425	----	Fixed	----	----	cevans@google.com	Flash: heap-based buffer overflow loading FLV file with Nellymoser audio codec CCProjectZeroMembers
426	----	Fixed	----	----	cevans@google.com	Flash: heap-based buffer overflow due to indexing error when loading FLV file CCProjectZeroMembers
432	----	Duplicate	----	----	hawkes@google.com	Flash: wild read on audio thread CCProjectZeroMembers
438	----	Fixed	----	----	hawkes@google.com	Flash: use-after-free in video decoding CCProjectZeroMembers
446	----	Fixed	----	----	hawkes@google.com	Flash: wild pointer 0x1808121a502959a4 decoding h.264 CCProjectZeroMembers
447	----	Fixed	----	----	hawkes@google.com	Flash: corrupt stack leading to misaligned XMM instruction decoding h.264 CCProjectZeroMembers
448	----	Fixed	----	----	hawkes@google.com	Flash: out-of-bounds crash due to negative table indexing error loading 8-byte wide value CCProjectZeroMembers
449	----	Fixed	----	----	hawkes@google.com	Flash: out-of-bounds read in AAC audio handling CCProjectZeroMembers
450	----	Fixed	----	----	hawkes@google.com	Flash: information leak into video canvas; rendering of non-deterministic content that apparently contains pointers CCProjectZeroMembers
452	----	Fixed	----	----	hawkes@google.com	Flash: wild write at 0x453b0cf0 in color conversion CCProjectZeroMembers
493	----	Fixed	----	----	hawkes@google.com	Samsung m2m1shot kernel driver buffer overflow CCProjectZeroMembers
627	----	Fixed	----	----	natashenka@google.com	Adobe Flash: Out-of-bounds memset in BlurFilter Processing CCProjectZeroMembers
628	----	Fixed	----	----	natashenka@google.com	Adobe Flash: Use-after-free when rendering displays from multiple scripts CCProjectZeroMembers
629	----	Fixed	----	----	natashenka@google.com	Adobe Flash: Use-after-free when setting stage CCProjectZeroMembers
630	----	Fixed	----	----	natashenka@google.com	Adobe Flash: Out-of-bounds image read CCProjectZeroMembers
632	----	Fixed	----	----	natashenka@google.com	Adobe Flash: Out-of-bound Read in H264 Parsing CCProjectZeroMembers
633	----	Fixed	----	----	natashenka@google.com	Adobe Flash: H264 File Causes Stack Corruption CCProjectZeroMembers
634	----	Fixed	----	----	natashenka@google.com	Adobe Flash: Processing AVC Causes Stack Corruption CCProjectZeroMembers
635	----	Fixed	----	----	natashenka@google.com	Adobe Flash: Heap Overflow in ATF Processing CCProjectZeroMembers
718	----	Fixed	----	----	natashenka@google.com	Adobe Flash: Use-after-free in Sprite Creation CCProjectZeroMembers
734	----	Fixed	----	----	hawkes@google.com	Qualcomm Adreno GPU MSM driver perfcounter query heap overflow CCProjectZeroMembers
735	----	Fixed	----	----	hawkes@google.com	Linux io_submit L2TP sendmsg integer overflow CCProjectZeroMembers
758	----	Fixed	----	----	hawkes@google.com	Linux netfilter IPT_SO_SET_REPLACE memory corruption CCProjectZeroMembers

1 - 55 of 55

Show columns:
♦ ID
♦ Type
♦ Status
♦ Priority
♦ Milestone
♦ Owner
♦ Summary
AllLabels
Attachments
Blocked
BlockedOn
Blocking
CVE
Cc
Closed
Component
ComponentModified
Deadline
Finder
Fixed
Label
MSRC
MergedInto
Modified
OpSys
Opened
OwnerLastVisit
OwnerModified
Product
Project
QPSIIR
Reported
Reporter
Severity
Stars
StatusModified
Vendor
Edit column spec...

3646
3647
3648
3676
3730
3731
3732
3733
3734
3764
3787
3791
3796
3804
3826
3827
3828
3829
3830
3831