CVE-2015-2003

Summary: CVE-2015-2003 affects the PJSIP PJSUA2 SDK for Android prior to SVN Changeset 51322. The underlying issue is in a Serializable class’s finalize method, which improperly passes an attacker-controlled pointer to a native function, enabling arbitrary code execution. Documents consistently d...

CVE-2015-2004

The GraceNote GNSDK SDK for Android is affected (before SVN Changeset 1.1.7). A root cause in the Serializable class’s finalize method improperly passes an attacker-controlled pointer to a native function, enabling arbitrary code execution on vulnerable versions. Affected product: GraceNote GNSDK...

CVE-2015-2000

CVE-2015-2000 affects the Jumio SDK for Android prior to 1.5.0. The issue arises from a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function, allowing arbitrary code execution. Affected product: Jumio SDK for Android (pre-1.5.0). Impac...

PHP 5.45.55.6 - Unserialize() Use-After-Free

PHP 5.45.55.6 - Unserialize Use-After-Free Use After Free Vulnerabilities in unserialize Taoguang Chen Write Date: 2015.7.31 Release Date: 2015.9.4 Multiple use-after-free vulnerabilities were discovered in unserialize with Serializable class that can be abused for leaking arbitrary memory blocks...

PHP unserialize() Use-After-Free Vulnerabilities

Exploit for php platform in category dos / poc Use After Free Vulnerabilities in unserialize Taoguang Chen Write Date: 2015.7.31 Release Date: 2015.9.4 Multiple use-after-free vulnerabilities were discovered in unserialize with Serializable class that can be abused for leaking arbitrary memory...

PHP 5.4/5.5/5.6 - 'Unserialize()' Use-After-Free

Use After Free Vulnerabilities in unserialize Taoguang Chen Write Date: 2015.7.31 Release Date: 2015.9.4 Multiple use-after-free vulnerabilities were discovered in unserialize with Serializable class that can be abused for leaking arbitrary memory blocks or execute arbitrary code remotely. Affect...