3656 matches found
CVE-2019-12495
CVE-2019-12495 affects Tiny C Compiler (TinyCC/TCC) 0.9.27. A crafted source file can trigger a one-byte out-of-bounds write in gsym_addr in x86_64-gen.c due to tccasm.c mishandling section switches. This was reported across multiple sources (NVD entry and Red Hat advisory) and is described as a ...
CVE-2019-12495
An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to a one-byte out-of-bounds write in the gsym_addr function in x86_64-gen.c. This occurs because tccasm.c mishandles section switches...
Spidermonkey - IonMonkey Unexpected ObjectGroup in ObjectGroupDispatch Operation
While fuzzing Spidermonkey, I encountered the following commented and modified JavaScript program which crashes debug builds of the latest release version of Spidermonkey from commit https://github.com/mozilla/gecko-dev/commit/3ecf89da497cf1abe2a89d1b3c282b48e5dfac8c: function O1 this.s = 'foobar...
[SECURITY] Fedora 29 Update: rust-1.34.2-1.fc29
Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...
[SECURITY] Fedora 30 Update: rust-1.34.2-1.fc30
Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...
CVE-2018-12886
stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 under certain circumstances generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the...
UBUNTU-CVE-2018-12886
stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 under certain circumstances generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the...
CVE-2018-12886
CVE-2018-12886: In GCC 4.1–8, on ARM targets, stack_protect_prologue/epilogue may spill the stack-protector guard address, enabling an attacker to bypass -fstack-protector families by controlling what the canary is compared against. Impact is stack overflow protection bypass; no exploitation deta...
GNU Compiler Collection Security Bypass Vulnerability
The GNU Compiler Collection (GCC) is an open source compiler for programming languages from the GNU Project. A security vulnerability exists in GNU GCC versions 4.1 through 8. An attacker could exploit the vulnerability to bypass security protections...
Apple macOS 10.14.5 iOS 12.3 DFG JIT Compiler - HasIndexedProperty Use-After-Free
Apple macOS 10.14.5 iOS 12.3 DFG JIT Compiler - HasIndexedProperty Use-After-Free. See also https://bugs.chromium.org/p/project-zero/issues/detail?id=1699 for a similar issue. The DFG JIT compiler attempts to determine whether a DFG IR operation could cause garbage collection (GC) during its executi...
macOS < 10.14.5 / iOS < 12.3 DFG JIT Compiler - HasIndexedProperty Use-After-Free Exploit
macOS 10.14.5 / iOS 12.3 DFG JIT Compiler - HasIndexedProperty Use-After-Free Exploit. See also https://bugs.chromium.org/p/project-zero/issues/detail?id=1699 for a similar issue. The DFG JIT compiler attempts to determine whether a DFG IR operation could cause garbage collection (GC) during its...
Apple macOS < 10.14.5 / iOS < 12.3 DFG JIT Compiler - 'HasIndexedProperty' Use-After-Free
See also https://bugs.chromium.org/p/project-zero/issues/detail?id=1699 for a similar issue. The DFG JIT compiler attempts to determine whether a DFG IR operation could cause garbage collection (GC) during its execution [1]. With this, it is then possible for the compiler to determine whether there...
Buffer Overflow
Mozilla Thunderbird is vulnerable to buffer overflow. It does not use correct alias information in IonMonkey JIT compiler for MArraySlice in Array.prototype.slice method...
Missing Null Check
Eclipse OpenJ9 is vulnerable to missing null check vulnerability. This occurs in a part of the component JIT Compiler because the OpenJ9 JIT compiler incorrectly omits a null check on the receiver object of an Unsafe call when accelerating it...
Arbitrary Code Execution
Firefox and Firefox ESR are vulnerable to arbitrary code execution attacks. A remote user could trigger a bailout error in the JavaScript JIT compiler when inlining 'Array.prototype.push' to potentially execute arbitrary code within the sandboxed content process which may lead to disclosure of...
Trashing the Flow of Data
Posted by Stephen Röttger. In this blog post I want to present crbug.com/944062, a vulnerability in Chrome’s JavaScript compiler TurboFan that was discovered independently by Samuel (saelo@) via fuzzing with fuzzilli, and by myself via manual code auditing. The bug was found in beta and was fixed...
Mozilla: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script
The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash. This vulnerability affects Thunderbird...
Fedora Update for mingw-qt5-qtcharts FEDORA-2019-3c45bd2cc3
The remote host is missing an update for the ...