| ID | Type | Status | Priority | Milestone | Owner | Summary + Labels |
|----|------|--------|----------|-----------|-------|------------------|
| 144 | ---- | Fixed | ---- | ---- | mjurczyk@google.com | Adobe Reader X and XI for Windows out-of-bounds write in CoolType.dll [CCProjectZeroMembers] |
| 149 | ---- | Fixed | ---- | ---- | mjurczyk@google.com | Adobe Reader X and XI for Windows out-of-bounds read in CoolType.dll [CCProjectZeroMembers] |
| 248 | ---- | Fixed | ---- | ---- | mjurczyk@google.com | Adobe Reader CoolType use of uninitialized memory in transient array [CCProjectZeroMembers] |
| 249 | ---- | Fixed | ---- | ---- | mjurczyk@google.com | Adobe Reader CoolType heap-based buffer overflow in Counter Control Hints [CCProjectZeroMembers] |
| 250 | ---- | Fixed | ---- | ---- | mjurczyk@google.com | Adobe Reader CoolType heap-based buffer underflow due to integer overflow in STOREWV [CCProjectZeroMembers] |
| 254 | ---- | Fixed | ---- | ---- | cevans@google.com | Adobe Flash: Type Confusion in Button.filters [CCProjectZeroMembers] |
| 258 | ---- | Fixed | ---- | ---- | mjurczyk@google.com | Adobe Reader CoolType unlimited out-of-bounds stack manipulation via BLEND operator [CCProjectZeroMembers] |
| 259 | ---- | Fixed | ---- | ---- | mjurczyk@google.com | Microsoft Internet Explorer DirectWrite memory disclosure via uninitialized transient array [CCProjectZeroMembers] |
| 261 | ---- | Fixed | ---- | ---- | cevans@google.com | Flash: memory corruption with large mp4 atom sizes [CCProjectZeroMembers] |
| 277 | ---- | Fixed | ---- | ---- | mjurczyk@google.com | Microsoft Windows Presentation Foundation memory disclosure via uninitialized transient array [CCProjectZeroMembers] |
| 278 | ---- | Fixed | ---- | ---- | cevans@google.com | Flash: broker-based sandbox escape via forward slash instead of backslash [CCProjectZeroMembers] |
| 279 | ---- | Fixed | ---- | ---- | cevans@google.com | Flash: broker-based sandbox escape via unexpected directory lock [CCProjectZeroMembers] |
| 280 | ---- | Fixed | ---- | ---- | cevans@google.com | Flash: broker-based sandbox escape via timing attack against file moving [CCProjectZeroMembers] |
| 290 | ---- | Fixed | ---- | ---- | cevans@google.com | Adobe Flash: NetStream Missing Constructor Normal Check [CCProjectZeroMembers] |
| 301 | ---- | Fixed | ---- | ---- | cevans@google.com | Adobe Flash: Normal Check Should Verify that UserData and Destructor are null [CCProjectZeroMembers] |
| 302 | ---- | Fixed | ---- | ---- | cevans@google.com | Security: Flash Player Integer Overflow in Function.apply [CCProjectZeroMembers] |
| 303 | ---- | Fixed | ---- | ---- | cevans@google.com | Security: Use After Free in Flash AVSS.setSubscribedTags can cause memory corruption [CCProjectZeroMembers] |
| 316 | ---- | Fixed | ---- | ---- | cevans@google.com | Flash: Uninitialized stack variable while parsing an MPD file can corrupt memory [CCProjectZeroMembers] |
| 318 | ---- | Fixed | ---- | ---- | cevans@google.com | Flash: memory corruption with ShaderJob width and height TOCTOU condition [CCProjectZeroMembers] |
| 319 | ---- | Fixed | ---- | ---- | cevans@google.com | Flash: uninitialized memory information leak when shading into a ByteArray [CCProjectZeroMembers] |
| 322 | ---- | Fixed | ---- | ---- | cevans@google.com | Flash: info leak due to uninitialized registers when executing Shaders [CCProjectZeroMembers] |
| 326 | ---- | Fixed | ---- | ---- | cevans@google.com | Flash: Issues in DefineBitsLossless and DefineBitsLossless2 leads to using uninitialized memory while rendering a picture [CCProjectZeroMembers] |
| 358 | ---- | Fixed | ---- | ---- | cevans@google.com | Flash AS2 Use After Free in DisplacementMapFilter.mapBitmap [CCProjectZeroMembers] |