| ID | Type | Status | Priority | Milestone | Owner | Summary | Labels |
|----|------|--------|----------|-----------|-------|---------|--------|
| 169 | ---- | Fixed | ---- | ---- | mjurczyk@google.com | Windows Kernel ATMFD.DLL DoS via unlimited CharString program execution | CCProjectZeroMembers |
| 174 | ---- | Fixed | ---- | ---- | mjurczyk@google.com | Windows Kernel ATMFD.DLL out-of-bounds reads from the input CharString stream | CCProjectZeroMembers |
| 175 | ---- | Fixed | ---- | ---- | mjurczyk@google.com | Windows Kernel ATMFD.DLL off-by-x oob reads/writes relative to the operand stack | CCProjectZeroMembers |
| 176 | ---- | Fixed | ---- | ---- | mjurczyk@google.com | Windows Kernel ATMFD.DLL kernel pool memory disclosure via uninitialized transient array | CCProjectZeroMembers |
| 177 | ---- | Fixed | ---- | ---- | mjurczyk@google.com | Windows Kernel ATMFD.DLL read/write-what-where in LOAD and STORE operators | CCProjectZeroMembers |
| 178 | ---- | Fixed | ---- | ---- | mjurczyk@google.com | Windows Kernel ATMFD.DLL pool-based buffer overflow in Counter Control Hints | CCProjectZeroMembers |
| 179 | ---- | Fixed | ---- | ---- | mjurczyk@google.com | Windows Kernel ATMFD.DLL pool-based buffer underflow due to integer overflow in STOREWV | CCProjectZeroMembers |
| 180 | ---- | Fixed | ---- | ---- | mjurczyk@google.com | Windows Kernel ATMFD.DLL unlimited out-of-bounds stack manipulation via BLEND operator | CCProjectZeroMembers |
| 216 | ---- | Fixed | ---- | ---- | cevans@google.com | Flash PCRE regex compilation recursion offset arbitrary bytecode execution | CCProjectZeroMembers |
| 217 | ---- | Fixed | ---- | ---- | cevans@google.com | OS X IOKit kernel code execution due to off-by-one in IOAccel2DContext::blit | CCProjectZeroMembers |