  ID Type  Status  Priority  Milestone  Owner  Summary + Labels
  120 ---- Fixed ---- ---- cevans@google.com Type Confusion in Setting Microphone Codec CCProjectZeroMembers  
  150 ---- Fixed ---- ---- cevans@google.com File Reference Object Constructor Does Not Clear Destructor CCProjectZeroMembers  
  192 ---- Fixed ---- ---- cevans@google.com XMLSocket Destructor Does Not Get Cleared Before Setting User Data in connect CCProjectZeroMembers  
  205 ---- Fixed ---- ---- cevans@google.com Adobe Flash Calling Superconstructor More Than Once Can Lead to Inconsistent User Data and Destroy Func CCProjectZeroMembers  
  229 ---- Fixed ---- ---- cevans@google.com Type Confusion in NetConnection ASnative CCProjectZeroMembers  
  244 ---- Fixed ---- ---- cevans@google.com Adobe Flash: Setting ConvolutionFilter.matrix can write to memory that has already been freed CCProjectZeroMembers  
  254 ---- Fixed ---- ---- cevans@google.com Adobe Flash: Type Confusion in Button.filters CCProjectZeroMembers  
  260 ---- Fixed ---- ---- cevans@google.com Adobe Flash: XML and XMLNode classes missing constructor type check CCProjectZeroMembers  
  262 ---- Fixed ---- ---- cevans@google.com Adobe Flash: Type Confusion in Sound class CCProjectZeroMembers  
  290 ---- Fixed ---- ---- cevans@google.com Adobe Flash: NetStream Missing Constructor Normal Check CCProjectZeroMembers  
  301 ---- Fixed ---- ---- cevans@google.com Adobe Flash: Normal Check Should Verify that UserData and Destructor are null CCProjectZeroMembers  
  336 ---- Fixed ---- ---- cevans@google.com Adobe Flash: Type Confusion in NetConnection with __proto__ CCProjectZeroMembers  
  337 ---- Fixed ---- ---- cevans@google.com FileReferenceList.browse does not check that fileList is a ScriptObject CCProjectZeroMembers  
  338 ---- Fixed ---- ---- cevans@google.com Adobe Flash: Type Confusion in SharedObject.data CCProjectZeroMembers  
  344 ---- Fixed ---- ---- cevans@google.com Adobe Flash: SharedObject Destructor Sets data to Normal Type CCProjectZeroMembers  
  352 ---- Fixed ---- ---- cevans@google.com Use-after-free in NetConnection.connect CCProjectZeroMembers  
  355 ---- Fixed ---- ---- cevans@google.com Adobe Flash: Use-after-free when setting variable CCProjectZeroMembers  
  356 ---- Fixed ---- ---- cevans@google.com Use-after-free when setting internal boolean CCProjectZeroMembers  
  357 ---- Fixed ---- ---- cevans@google.com Adobe Flash: Use-after-free when setting internal number CCProjectZeroMembers  
  360 ---- Fixed ---- ---- cevans@google.com Adobe Flash: Use-after-free when setting value CCProjectZeroMembers  
  365 ---- Fixed ---- ---- cevans@google.com Adobe Flash: Use-after-free in XML.childNodes CCProjectZeroMembers  
  366 ---- Fixed ---- ---- cevans@google.com Adobe Flash: Use-after-free when printing XML Attributes CCProjectZeroMembers  
  371 ---- Fixed ---- ---- cevans@google.com Adobe Flash: Use-after-free in Array.push CCProjectZeroMembers  
  372 ---- Fixed ---- ---- cevans@google.com Adobe Flash: Use-after-free in Array.unshift CCProjectZeroMembers  
  374 ---- Fixed ---- ---- cevans@google.com Adobe Flash: Array.sort can go out of bounds CCProjectZeroMembers  
  380 ---- Fixed ---- ---- cevans@google.com Adobe Flash: Use-after-free in scale9Grid CCProjectZeroMembers  
  381 ---- Fixed ---- ---- cevans@google.com Adobe Flash: Use-after-free in tabIndex setter CCProjectZeroMembers  
  388 ---- Fixed ---- ---- cevans@google.com Adobe Flash: Use-after-free in Drawing Methods this CCProjectZeroMembers  
  389 ---- Fixed ---- ---- cevans@google.com Adobe Flash: Use-after-free when calling setMask CCProjectZeroMembers  
  391 ---- Fixed ---- ---- cevans@google.com Adobe Flash: Use-after-free in attachMovie CCProjectZeroMembers  
  403 ---- Fixed ---- ---- cevans@google.com Adobe Flash: use-after-free in swapDepths CCProjectZeroMembers  
  408 ---- Fixed ---- ---- cevans@google.com Adobe Flash: Use-after-free in createTextField CCProjectZeroMembers  
  409 ---- Fixed ---- ---- cevans@google.com Adobe Flash: Type Confusion in TextRenderer.setAdvancedAntialiasingTable CCProjectZeroMembers  
  416 ---- Fixed ---- ---- cevans@google.com Adobe Flash: XMLSocket Destructor Does Not Get Cleared Before Setting User Data in connect (Part 2) CCProjectZeroMembers  
  418 ---- Fixed ---- ---- cevans@google.com Use-after-free in TextField.gridFitType CCProjectZeroMembers  
  421 ---- Fixed ---- ---- cevans@google.com Adobe Flash: NetConnection Constructor needs Normal Check CCProjectZeroMembers  
  422 ---- Fixed ---- ---- cevans@google.com Adobe Flash: FileReference class is missing Normal check CCProjectZeroMembers  
  434 ---- Fixed ---- ---- cevans@google.com Adobe Flash: Shared Object Lacks Normal Check CCProjectZeroMembers  
  443 ---- Fixed ---- ---- cevans@google.com Adobe Flash: Overflow in ID3 Tag Parsing CCProjectZeroMembers  
  451 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Use-after-free in Color.setTransform CCProjectZeroMembers  
  495 ---- Fixed ---- ---- hawkes@google.com Samsung libQjpeg image decoding memory corruption CCProjectZeroMembers  
  497 ---- Fixed ---- ---- natashenka@google.com Samsung Galaxy S6: Samsung Gallery Bitmap Decoding Crash CCProjectZeroMembers  
  498 ---- Fixed ---- ---- natashenka@google.com Samsung Galaxy S6: libQjpeg DoIntegralUpsample Crash CCProjectZeroMembers  
  499 ---- Fixed ---- ---- natashenka@google.com Samsung Galaxy S6: android.media.process Face Recognition Memory Corruption CCProjectZeroMembers  
  500 ---- Fixed ---- ---- natashenka@google.com Samsung Galaxy S6: Samsung Gallery GIF Parsing Crash CCProjectZeroMembers  
  502 ---- Fixed ---- ---- natashenka@google.com libstagefright integer overflow checks can be bypassed with extended chunk lengths CCProjectZeroMembers  
  523 ---- Fixed ---- ---- natashenka@google.com Memory corruption in ih264d_process_intra_mb CCProjectZeroMembers  
  545 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Type Confusion in Serialization with ObjectEncoder.dynamicPropertyWriter CCProjectZeroMembers  
  547 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Type Confusion in IExternalizable.writeExternal When Performing Local Serialization CCProjectZeroMembers  
  548 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Type Confusion in IExternalizable.readExternal When Performing Local Serialization CCProjectZeroMembers  
  557 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Use-after-frees in GradientFill CCProjectZeroMembers  
  558 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Use-after-frees in MovieClip.lineStyle CCProjectZeroMembers  
  559 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Use-after-free in TextField.gridFitType setter CCProjectZeroMembers  
  560 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Use-after-free in TextField.antiAliasType setter CCProjectZeroMembers  
  568 Defect Fixed ---- ---- natashenka@google.com Adobe Flash: Use-after-free in Sound.setTransform CCProjectZeroMembers  
  570 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Use-after-free in MovieClip.localToGlobal CCProjectZeroMembers  
  571 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Use-after-free in MovieClip.attachMovie CCProjectZeroMembers  
  574 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Use-after-free in TextField.tabIndex setter CCProjectZeroMembers  
  576 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Use-after-free in TextField.text setter CCProjectZeroMembers  
  577 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Use-after-free in TextField.type setter CCProjectZeroMembers  
  578 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Use-after-free in TextField.htmlText setter CCProjectZeroMembers  
  579 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Use-after-free in TextField.variable setter CCProjectZeroMembers  
  581 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Use-after-free TextField.maxChars CCProjectZeroMembers  
  583 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Use-after-free when using TextField variable CCProjectZeroMembers  
  584 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Use-after-free in TextField.replaceText CCProjectZeroMembers  
  585 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Use-after-free in TextField.replaceSel CCProjectZeroMembers  
  586 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Use-after-free in TextField.setFormat CCProjectZeroMembers  
  587 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Use-after-free in TextField.thickness setter CCProjectZeroMembers  
  588 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Use-after-free in TextField.sharpness setter CCProjectZeroMembers  
  590 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Use-after-free in Selection.SetSelection CCProjectZeroMembers  
  591 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Use-after-free in MovieClip.duplicateMovieClip CCProjectZeroMembers  
  592 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Use-after-free in MovieClip.startDrag CCProjectZeroMembers  
  593 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Use-after-free in MovieClip.attachBitmap CCProjectZeroMembers  
  609 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Heap Overflow in BitmapData.drawWithQuality CCProjectZeroMembers  
  611 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Use-after-free in URLStream.readObject CCProjectZeroMembers  
  616 ---- Fixed ---- ---- natashenka@google.com Samsung Galaxy S6: android.media.process Face Recognition Memory Corruption (MdConvertLine) CCProjectZeroMembers  
  617 ---- Fixed ---- ---- natashenka@google.com Samsung Galaxy S6: libQjpeg je_free Crash CCProjectZeroMembers  
  627 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Out-of-bounds memset in BlurFilter Processing CCProjectZeroMembers  
  628 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Use-after-free when rendering displays from multiple scripts CCProjectZeroMembers  
  629 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Use-after-free when setting stage CCProjectZeroMembers  
  630 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Out-of-bounds image read CCProjectZeroMembers  
  632 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Out-of-bound Read in H264 Parsing CCProjectZeroMembers  
  633 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: H264 File Causes Stack Corruption CCProjectZeroMembers  
  634 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Processing AVC Causes Stack Corruption CCProjectZeroMembers  
  635 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Heap Overflow in ATF Processing CCProjectZeroMembers  
  640 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Type Confusion in SimpleButton Creation CCProjectZeroMembers  
  664 ---- Fixed ---- ---- natashenka@google.com Google Chrome: Privilege Escalation from Renderer Process to Browser Process CCProjectZeroMembers  
  666 ---- Fixed ---- ---- taviso@google.com FireEye: Wormable Remote Code Execution in MIP JAR Analysis CCProjectZeroMembers  
  667 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Use-after-free in LoadVars.decode CCProjectZeroMembers  
  680 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Use-after-free in Sound.setTransform (2) CCProjectZeroMembers  
  681 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Use-after-free in setInterval CCProjectZeroMembers  
  698 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Dangling Pointer in Sound.loadPCMFromByteArray CCProjectZeroMembers  
  701 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Type Confusion in TextField Constructor CCProjectZeroMembers  
  715 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Uninitialized Stack Parameter Access in MovieClip.swapDepths UaF Fix CCProjectZeroMembers  
  716 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Uninitialized Stack Parameter Access in Object.unwatch UaF Fix CCProjectZeroMembers  
  717 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Uninitialized Stack Parameter Access in AsBroadcaster.broadcastMessage UaF Fix CCProjectZeroMembers  
  718 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Use-after-free in Sprite Creation CCProjectZeroMembers  
  719 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Use after free when rendering displays from multiple scripts (2) CCProjectZeroMembers  
  720 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Heap Overflow in Zlib Codec CCProjectZeroMembers  
  721 ---- Fixed ---- ---- natashenka@google.com Adobe Flash: Crash in Shape Rendering CCProjectZeroMembers