(Pwn2Own) Samsung Galaxy S10 FileWriter Use-After-Free Sandbox Escape Vulnerability

This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Samsung Galaxy S10. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling o...

Google Chrome < M73 - FileSystemOperationRunner Use-After-Free

There's a comment in FileSystemOperationRunner::BeginOperation OperationID FileSystemOperationRunner::BeginOperation std::uniqueptr operation OperationID id = nextoperationid++; // TODOhttps://crbug.com/864351: Diagnostic to determine whether OperationID // wrap-around is occurring in the wild...

Google Chrome M73 - FileSystemOperationRunner Use-After-Free

Google Chrome M73 - FileSystemOperationRunner Use-After-Free There's a comment in FileSystemOperationRunner::BeginOperation OperationID FileSystemOperationRunner::BeginOperation std::uniqueptr operation OperationID id = nextoperationid++; // TODOhttps://crbug.com/864351: Diagnostic to determine...

Google Chrome M72 - FileWriterImpl Use-After-Free

Google Chrome M72 - FileWriterImpl Use-After-Free There's a use-after-free in the implementation of the FileWriter component of the mojo bindings for the filesystem API. The browser-process side of this API is defined in...

DEBIAN-CVE-2018-7730

An issue was discovered in Exempi through 2.4.4. A certain case of a 0xffffffff length is mishandled in XMPFiles/source/FormatSupport/PSIRFileWriter.cpp, leading to a heap-based buffer over-read in the PSDMetaHandler::CacheFileData function...