This is a straightforward yet subtle bug: taking a reference to a file while it is actively being deleted leads to a use-after-free despite the reference being held.
This is an interesting primitive: an unsigned 32-bit integer can mistakenly be kept unsigned after it is supposedly converted to a signed 64-bit integer and passed somewhere expecting a signed value.
Three vulnerabilities found in MediaTek's audio Digital Signal Processor (DSP) firmware. They first go into some background on the DSP (which runs on a custom architecture and is interfaced with via the `/dev/audio_ipi` driver)...
A surprisingly simple bug in a well-fuzzed cryptographic library from Mozilla, leading to an easy stack overflow in RSA-PSS code (the vulnerability exists elsewhere also).
Exploitation of the TIPC heap overflow bug, based on a key length being used in a `memcpy()` call before it was validated. Two objects are used in combination with the overflow to achieve code execution...
Out-of-bounds (OOB) access in the `VMGExit` handler, which is triggered for string I/O instructions. The `sev_es_string_io()` function is responsible for doing the string copy between the unencrypted guest memory regions and the virtualized target...
Focuses on exploiting an out-of-bounds (OOB) read in the `IOSurface` subsystem. The vulnerability was an unchecked `scalar0` index into the scalar input array in `IOMobileFramebufferUserClient::get_displayed_surface()`, called by `IOMobileFramebuffers::s_displayed_fb_service()`...
In the `recv_server-device_response_msg_process()` handler, a `nums` field gets pulled out of the packet's JSON payload and is used to represent the total number of UDP server domains. The application then iterates based on this field, looking for its respective `domain%d` key in the JSON...
Uninitialized use found in Apple's ColorSync via fuzzing. When parsing an image, the library will calculate the start address for reading from a Color Lookup Table (CLUT) data point array for pixel data...
Heap-based overflow in the Windows kernel (ntfs.sys). This was originally found in the wild by Kaspersky, though Alex Plaskett here digs much deeper into the vulnerability and its exploitation, and takes it in a bit of a new direction by removing the need for a separate info-leak.