The CoreGraphics framework for decoding JBIG2-encoded data in a PDF has an out-of-bounds write. The vulnerability originates in its attempt to calculate the number of symbols.
Straightforward use-after-free in libcurl when processing MQTT. The `mqtt_doing()` routine will attempt to send any remainder of outgoing packet data using the `mq->sendleftovers` pointer, freeing that pointer, but then never clearing the reference...
The idea here is that by overflowing the value containing the size of a header name, you can cause the header to be misinterpreted.
There is an out-of-bounds access
Authentication bypass by including a magic string in the URL. The string isn't exactly magic; rather, it seems like this page (setcup.cgi) has a single file that needs to be accessed without authentication...
WhatsApp lets users apply filters to images. The way these filters work is that they take a "source" image, apply transformations to the underlying pixel data, then save the new image...
Bhyve is FreeBSD's type-2 hypervisor. The author of this GitHub security advisory discovered 6 bugs that can lead to a VM escape in various drivers, and all of them are essentially the same issue in different places...
Synacktiv ended up investigating the Western Digital Pro PR4100 when looking at the target list for Pwn2Own Tokyo 2020. When looking at this device, they took particular interest in the webserver and reversed the cgi-bin that implemented it...
This post covers a heap overflow in the InnoDB memcached plugin for MySQL. The "get" command implementation first tokenizes the key-value pairs, then fetches them...
Plenty of background here, in terms of software, architecture, and testing environment. Probably worth checking out if you want to get into car hacking...