Monorail Project: project-zero

| ID | Type | Status | Priority | Milestone | Owner | Summary + Labels |
|---|---|---|---|---|---|---|
| 368 | ---- | Fixed | ---- | ---- | mjurczyk@google.com | Windows Kernel win32k.sys TTF font processing: pool-based buffer overflow in the IUP[] program instruction CCProjectZeroMembers |
| 369 | ---- | Fixed | ---- | ---- | mjurczyk@google.com | Windows Kernel ATMFD.DLL OTF font processing: pool-based buffer overflow with malformed GPOS table CCProjectZeroMembers |
| 370 | ---- | Fixed | ---- | ---- | mjurczyk@google.com | Windows Kernel win32k.sys TTF font processing: pool-based buffer overflow in win32k!scl_ApplyTranslation CCProjectZeroMembers |
| 382 | ---- | Fixed | ---- | ---- | mjurczyk@google.com | Windows Kernel ATMFD.DLL out-of-bounds reads from the input CharString stream CCProjectZeroMembers |
| 383 | ---- | Fixed | ---- | ---- | mjurczyk@google.com | Windows Kernel ATMFD.DLL invalid memory access due to malformed CFF table (ATMFD+0x34072 / ATMFD+0x3407b) CCProjectZeroMembers |
| 384 | ---- | Fixed | ---- | ---- | mjurczyk@google.com | Windows Kernel ATMFD.DLL invalid memory access due to malformed CFF table (ATMFD+0x3440b / ATMFD+0x3440e) CCProjectZeroMembers |
| 385 | ---- | Fixed | ---- | ---- | mjurczyk@google.com | Windows Kernel ATMFD.DLL write to uninitialized address due to malformed CFF table CCProjectZeroMembers |
| 386 | ---- | Fixed | ---- | ---- | mjurczyk@google.com | Windows Kernel ATMFD.DLL out-of-bounds read due to malformed Name INDEX in the CFF table CCProjectZeroMembers |
| 392 | ---- | Fixed | ---- | ---- | mjurczyk@google.com | Windows Kernel ATMFD.DLL out-of-bounds read due to malformed FDSelect offset in the CFF table CCProjectZeroMembers |
| 401 | ---- | Fixed | ---- | ---- | mjurczyk@google.com | Windows Kernel win32k.sys TTF font processing: out-of-bounds pool memory access in win32k!fsc_RemoveDups CCProjectZeroMembers |
| 402 | ---- | Fixed | ---- | ---- | mjurczyk@google.com | Windows Kernel win32k.sys TTF font processing: out-of-bounds pool write in win32k!fsc_BLTHoriz CCProjectZeroMembers |
| 506 | ---- | Fixed | ---- | ---- | mjurczyk@google.com | Windows Kernel win32k.sys TTF font processing: pool-based buffer overflow with malformed OS/2 table CCProjectZeroMembers |
| 507 | ---- | Fixed | ---- | ---- | mjurczyk@google.com | Windows Kernel win32k.sys TTF font processing: pool-based buffer overflow with malformed TrueType program CCProjectZeroMembers |
| 682 | ---- | Fixed | ---- | ---- | mjurczyk@google.com | Windows Kernel ATMFD.DLL OTF font processing: stack corruption due to malformed CFF table CCProjectZeroMembers |
| 683 | ---- | Fixed | ---- | ---- | mjurczyk@google.com | Windows Kernel ATMFD.DLL OTF font processing: pool-based buffer overflow with malformed CFF table CCProjectZeroMembers |
| 684 | ---- | Fixed | ---- | ---- | mjurczyk@google.com | Windows Kernel win32k.sys TTF font processing: pool corruption with malformed EBLC / EBSC tables CCProjectZeroMembers |
| 864 | ---- | Fixed | ---- | ---- | mjurczyk@google.com | Windows Kernel win32k.sys TTF font processing: out-of-bounds read in the RCVT TrueType instruction handler CCProjectZeroMembers |
| 868 | ---- | Fixed | ---- | ---- | mjurczyk@google.com | Windows Kernel win32k.sys TTF font processing: use-after-free in win32k!sbit_Embolden / win32k!ttfdCloseFontContext CCProjectZeroMembers |
| 1178 | ---- | Fixed | ---- | ---- | mjurczyk@google.com | Windows Kernel stack memory disclosure in win32k!NtGdiExtGetObjectW CCProjectZeroMembers |
| 1191 | ---- | Fixed | ---- | ---- | mjurczyk@google.com | Windows Kernel stack memory disclosure in win32k!NtGdiMakeFontDir CCProjectZeroMembers |
| 1213 | ---- | Fixed | ---- | ---- | mjurczyk@google.com | Windows Kernel ATMFD.DLL out-of-bounds read due to malformed Name INDEX in the CFF table CCProjectZeroMembers |
| 1273 | ---- | Fixed | ---- | ---- | mjurczyk@google.com | Windows Kernel win32k.sys TTF font processing: out-of-bounds reads/writes with malformed "fpgm" table (win32k!bGeneratePath) CCProjectZeroMembers |
| 1274 | ---- | Fixed | ---- | ---- | mjurczyk@google.com | Windows Kernel win32k.sys TTF font processing: out-of-bounds read with malformed "glyf" table (win32k!fsc_CalcGrayRow) CCProjectZeroMembers |