| |
ID ▼ |
Type ▼ |
Status ▼ |
Priority ▼ |
Milestone ▼ |
Owner ▼ |
Summary + Labels ▼ |
... |
|---|
|
|
361 |
----
|
Fixed
|
----
|
----
|
mjurczyk@google.com
|
Adobe Flash out-of-bounds memory read while parsing a mutated SWF file
CCProjectZeroMembers
|
|
|
|
362 |
----
|
Fixed
|
----
|
----
|
mjurczyk@google.com
|
Adobe Flash out-of-bounds memory read while parsing a mutated SWF file
CCProjectZeroMembers
|
|
|
|
363 |
----
|
Fixed
|
----
|
----
|
mjurczyk@google.com
|
Adobe Flash out-of-bounds memory read while parsing a mutated TTF file embedded in SWF
CCProjectZeroMembers
|
|
|
|
368 |
----
|
Fixed
|
----
|
----
|
mjurczyk@google.com
|
Windows Kernel win32k.sys TTF font processing: pool-based buffer overflow in the IUP[] program instruction
CCProjectZeroMembers
|
|
|
|
370 |
----
|
Fixed
|
----
|
----
|
mjurczyk@google.com
|
Windows Kernel win32k.sys TTF font processing: pool-based buffer overflow in win32k!scl_ApplyTranslation
CCProjectZeroMembers
|
|
|
|
382 |
----
|
Fixed
|
----
|
----
|
mjurczyk@google.com
|
Windows Kernel ATMFD.DLL out-of-bounds reads from the input CharString stream
CCProjectZeroMembers
|
|
|
|
383 |
----
|
Fixed
|
----
|
----
|
mjurczyk@google.com
|
Windows Kernel ATMFD.DLL invalid memory access due to malformed CFF table (ATMFD+0x34072 / ATMFD+0x3407b)
CCProjectZeroMembers
|
|
|
|
384 |
----
|
Fixed
|
----
|
----
|
mjurczyk@google.com
|
Windows Kernel ATMFD.DLL invalid memory access due to malformed CFF table (ATMFD+0x3440b / ATMFD+0x3440e)
CCProjectZeroMembers
|
|
|
|
385 |
----
|
Fixed
|
----
|
----
|
mjurczyk@google.com
|
Windows Kernel ATMFD.DLL write to uninitialized address due to malformed CFF table
CCProjectZeroMembers
|
|
|
|
386 |
----
|
Fixed
|
----
|
----
|
mjurczyk@google.com
|
Windows Kernel ATMFD.DLL out-of-bounds read due to malformed Name INDEX in the CFF table
CCProjectZeroMembers
|
|
|
|
392 |
----
|
Fixed
|
----
|
----
|
mjurczyk@google.com
|
Windows Kernel ATMFD.DLL out-of-bounds read due to malformed FDSelect offset in the CFF table
CCProjectZeroMembers
|
|
|
|
401 |
----
|
Fixed
|
----
|
----
|
mjurczyk@google.com
|
Windows Kernel win32k.sys TTF font processing: out-of-bounds pool memory access in win32k!fsc_RemoveDups
CCProjectZeroMembers
|
|
|
|
402 |
----
|
Fixed
|
----
|
----
|
mjurczyk@google.com
|
Windows Kernel win32k.sys TTF font processing: out-of-bounds pool write in win32k!fsc_BLTHoriz
CCProjectZeroMembers
|
|
|
|
482 |
----
|
Fixed
|
----
|
----
|
cevans@google.com
|
Flash: bypass of Vector.<uint> length vs. cookie validation
CCProjectZeroMembers
|
|