ShadyShader: Crashing Apple Devices with a Single Click

Introduction A while ago, we discovered an interesting vulnerability in the GPU’s drivers of iPhones, iPads, and macOS computers with M-series chips. Dubbed ShadyShader, this flaw allows a specially crafted shader program to overwhelm Apple’s GPU, causing repeated freezes that ultimately lead to ...

SUSE CVE-2017-6317

Memory leak in the addshaderprogram function in vrendrenderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service host memory consumption via vectors involving the sprog variable...

DEBIAN-CVE-2017-6317

Memory leak in the addshaderprogram function in vrendrenderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service host memory consumption via vectors involving the sprog variable...

UBUNTU-CVE-2017-6317

Memory leak in the addshaderprogram function in vrendrenderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service host memory consumption via vectors involving the sprog variable...

CVE-2017-6317

Memory leak in the addshaderprogram function in vrendrenderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service host memory consumption via vectors involving the sprog variable...

From inter to intra: gaining reliability

Posted by Chris Evans, avoider of crossing heap lines. Part 2 of 4. In the first post in this series, we concluded with a traditional exploit for Adobe Flash bug 324, and noted that it could never be 100% reliable. We also challenged ourselves to do better! Is there some way we can leverage the...

Ubuntu 11.04 : firefox vulnerabilities (USN-1192-1)

Aral Yaman discovered a vulnerability in the WebGL engine. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. CVE-2011-2989 Vivekanand Bolajwar discovered a vulnerability in the JavaScript engine. An attacker could...

Ubuntu 11.04 : mozvoikko update (USN-1192-2)

USN-1192-1 fixed vulnerabilities in Firefox. This update provides an updated Mozvoikko for use with Firefox 6. Aral Yaman discovered a vulnerability in the WebGL engine. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking...

SeaMonkey < 2.3.0 Multiple Vulnerabilities

The installed version of SeaMonkey is earlier than 2.3.0. Such versions are potentially affected by the following security issues : - An error in SVG text manipulation code creates a dangling pointer vulnerability. CVE-2011-0084 - Multiple, unspecified memory safety issues exist. CVE-2011-2985 - ...