Effective Fuzzing: A Dav1d Case Study

Guest post by Nick Galloway, Senior Security Engineer, 20% time on Project Zero Late in 2023, while working on a 20% project with Project Zero, I found an integer overflow in the dav1d AV1 video decoder. That integer overflow leads to an out-of-bounds write to memory. Dav1d 1.4.0 patched this, an...

Google Chrome integer overflow vulnerability (CNVD-2024-39740)

Google Chrome is a web browser from Google, an American company. An integer overflow vulnerability exists in Google Chrome versions prior to 129.0.6668.70, which can be exploited by remote attackers to perform out-of-bounds memory writes via specially crafted HTML pages...

SUSE CVE-2024-9123

Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

CVE-2024-9123

Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

CVE-2024-9123

Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

DEBIAN-CVE-2024-9123

Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

CVE-2024-9123

Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

CVE-2024-9123

Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

CVE-2024-9123

Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

CVE-2024-9123

CVE-2024-9123 is a chromium/Chrome Skia vulnerability: an integer overflow in Skia prior to 129.0.6668.70 enables a remote attack via a crafted HTML page to trigger an out-of-bounds memory write. Affected software includes Google Chrome (Chromium-based) with versions before 129.0.6668.70; related...

CVE-2024-9123

Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers is related to memory-related write operations. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of protected information...

Medium: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Fix null pointer dereference on error CVE-2024-41098 In the Linux kernel, the following vulnerability has been resolved: ethtool: check device is present when getting link settings CVE-2024-46679...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from the drm/amdgpu component not validating TA binary file sizes, which could lead to an out-of-bounds write...

PT-2024-8610 · Bhyve +1 · Bhyve +1

Name of the Vulnerable Software and Affected Versions: bhyve affected versions not specified Description: The issue is related to the ctl report supported opcodes function, which did not sufficiently validate a field provided by userspace, allowing an arbitrary write to a limited amount of kernel...

CVE-2024-44067

The T-Head XuanTie C910 CPU in the TH1520 SoC and the T-Head XuanTie C920 CPU in the SOPHON SG2042 have instructions that allow unprivileged attackers to write to arbitrary physical memory locations, aka GhostWrite...

T-Head XuanTie C910和C920 安全漏洞

The T-Head XuanTie C910 and T-Head XuanTie C920 are both high-efficiency CPU processors from China-based T-Head. A security vulnerability exists in the T-Head XuanTie C910 and C920 that stems from an instruction that allows an unprivileged attacker to write to an arbitrary physical memory locatio...

CBL Mariner 2.0 Security Update: kernel (CVE-2024-0646)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-0646 advisory. - An out-of-bounds memory write flaw was found in the Linux kernel's Transport Layer Security functionality in...

CVE-2021-26344

An out of bounds memory write when processing the AMD PSP1 Configuration Block APCB could allow an attacker with access the ability to modify the BIOS image, and the ability to sign the resulting image, to potentially modify the APCB block resulting in arbitrary code execution...

CVE-2021-26344

CVE-2021-26344 is an out-of-bounds memory write in the AMD PSP1 Configuration Block (APCB) processing that could let an attacker with BIOS access modify the BIOS image and sign the result, potentially corrupting APCB and enabling arbitrary code execution. Connected sources (AMD AMD-SB-3003/AMD-SB...