796 matches found
UBUNTU-CVE-2019-12981
Ming (aka libming) 0.4.8 has an "fill overflow" vulnerability in the function SWFShape_setLeftFillStyle in blocks/shape.c...
SpiderMonkey - IonMonkey Compiled Code Fails to Update Inferred Property Types (Type Confusion)
SpiderMonkey - IonMonkey Compiled Code Fails to Update Inferred Property Types Type Confusion A bug in IonMonkey leaves type inference information inconsistent, which in turn allows the compilation of JITed functions that cause type confusions between arbitrary objects. Prerequisites In...
SpiderMonkey - IonMonkey Compiled Code Fails to Update Inferred Property Types (Type Confusion)
A bug in IonMonkey leaves type inference information inconsistent, which in turn allows the compilation of JITed functions that cause type confusions between arbitrary objects. Prerequisites: In SpiderMonkey, every JavaScript object is an instance of the JSObject class [1]. Plain JavaScript objects...
Spidermonkey - IonMonkey Type Inference is Incorrect for Constructors Entered via OSR
Spidermonkey - IonMonkey Type Inference is Incorrect for Constructors Entered via OSR. A bug in IonMonkey's type inference system when JIT compiling and entering a constructor function via on-stack replacement (OSR) allows the compilation of JITed functions that cause type confusions between...
SpiderMonkey IonMonkey Type Confusion
Spidermonkey: IonMonkey's type inference is incorrect for constructors entered via OSR. Related CVE Numbers: CVE-2019-9791. A bug in IonMonkey's type inference system when JIT compiling and entering a constructor function via on-stack replacement (OSR) allows the compilation of JITed functions that...
harfbuzz/hb-shape-fuzzer: Heap-buffer-overflow in BEInt<unsigned short, 2>::operator unsigned short
Project: https://github.com/harfbuzz/harfbuzz.git Detailed report: https://oss-fuzz.com/testcase?key=5631444412530688 Project: harfbuzz Fuzzer: libFuzzerharfbuzzhb-shape-fuzzer Fuzz target binary: hb-shape-fuzzer Job Type: libfuzzerasanharfbuzz Platform Id: linux Crash Type: Heap-buffer-overflow...
harfbuzz/hb-shape-fuzzer: Stack-buffer-overflow in hb_array_t<char const>::cmp
Project: https://github.com/harfbuzz/harfbuzz.git Detailed report: https://oss-fuzz.com/testcase?key=5642666339991552 Project: harfbuzz Fuzzer: libFuzzerharfbuzzhb-shape-fuzzer Fuzz target binary: hb-shape-fuzzer Job Type: libfuzzerasanharfbuzz Platform Id: linux Crash Type: Stack-buffer-overflow...
harfbuzz/hb-shape-fuzzer: Use-of-uninitialized-value in CFF::Charset1_2<OT::IntType<unsigned char, 1u> >::get_glyph
Project: https://github.com/harfbuzz/harfbuzz.git Detailed report: https://oss-fuzz.com/testcase?key=5632586529898496 Project: harfbuzz Fuzzer: libFuzzerharfbuzzhb-shape-fuzzer Fuzz target binary: hb-shape-fuzzer Job Type: libfuzzermsanharfbuzz Platform Id: linux Crash Type:...
harfbuzz/hb-shape-fuzzer: Global-buffer-overflow in CFF::BlendArg::set_blends
Project: https://github.com/harfbuzz/harfbuzz.git Detailed report: https://oss-fuzz.com/testcase?key=5686369209286656 Project: harfbuzz Fuzzer: libFuzzerharfbuzzhb-shape-fuzzer Fuzz target binary: hb-shape-fuzzer Job Type: libfuzzerasanharfbuzz Platform Id: linux Crash Type: Global-buffer-overflo...
harfbuzz/hb-shape-fuzzer: Heap-buffer-overflow in BEInt<unsigned short, 2>::operator unsigned short
Project: https://github.com/harfbuzz/harfbuzz.git Detailed report: https://oss-fuzz.com/testcase?key=5700264032468992 Project: harfbuzz Fuzzer: libFuzzerharfbuzzhb-shape-fuzzer Fuzz target binary: hb-shape-fuzzer Job Type: libfuzzerasanharfbuzz Platform Id: linux Crash Type: Heap-buffer-overflow...
harfbuzz/hb-shape-fuzzer: Use-of-uninitialized-value in void hb_sanitize_context_t::set_object<OT::KernSubTable<OT::KernOTSubTableHeader
Detailed report: https://oss-fuzz.com/testcase?key=5680362806575104 Project: harfbuzz Fuzzer: libFuzzerharfbuzzhb-shape-fuzzer Fuzz target binary: hb-shape-fuzzer Job Type: libfuzzermsanharfbuzz Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: void...
harfbuzz/hb-shape-fuzzer: Use-of-uninitialized-value in void hb_sanitize_context_t::set_object<AAT::ChainSubtable<AAT::ExtendedTypes> >
Detailed report: https://oss-fuzz.com/testcase?key=5657878543728640 Project: harfbuzz Fuzzer: libFuzzerharfbuzzhb-shape-fuzzer Fuzz target binary: hb-shape-fuzzer Job Type: libfuzzermsanharfbuzz Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: void...
harfbuzz/hb-shape-fuzzer: Use-of-uninitialized-value in void hb_sanitize_context_t::set_object<AAT::KerxSubTable>
Detailed report: https://oss-fuzz.com/testcase?key=5072750494875648 Project: harfbuzz Fuzzer: libFuzzerharfbuzzhb-shape-fuzzer Fuzz target binary: hb-shape-fuzzer Job Type: libfuzzermsanharfbuzz Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: void...
harfbuzz/hb-shape-fuzzer: Heap-buffer-overflow in BEInt<unsigned short, 2>::operator unsigned short
Project: https://github.com/harfbuzz/harfbuzz.git Detailed report: https://oss-fuzz.com/testcase?key=5716208469409792 Project: harfbuzz Fuzzer: libFuzzerharfbuzzhb-shape-fuzzer Fuzz target binary: hb-shape-fuzzer Job Type: libfuzzerasanharfbuzz Platform Id: linux Crash Type: Heap-buffer-overflow...
harfbuzz/hb-shape-fuzzer: Crash in BEInt<short, 2>::operator short
Project: https://github.com/harfbuzz/harfbuzz.git Detailed report: https://oss-fuzz.com/testcase?key=5754863779053568 Project: harfbuzz Fuzzer: libFuzzerharfbuzzhb-shape-fuzzer Fuzz target binary: hb-shape-fuzzer Job Type: libfuzzermsanharfbuzz Platform Id: linux Crash Type: UNKNOWN READ Crash...
harfbuzz/hb-shape-fuzzer: Use-of-uninitialized-value in AAT::KerxSubTableFormat1<AAT::KerxSubTableHeader>::driver_context_t::transition
Project: https://github.com/harfbuzz/harfbuzz.git Detailed report: https://oss-fuzz.com/testcase?key=5749627240841216 Project: harfbuzz Fuzzer: libFuzzerharfbuzzhb-shape-fuzzer Fuzz target binary: hb-shape-fuzzer Job Type: libfuzzermsanharfbuzz Platform Id: linux Crash Type:...
harfbuzz/hb-shape-fuzzer: Crash in BEInt<short, 2>::operator short
Project: https://github.com/harfbuzz/harfbuzz.git Detailed report: https://oss-fuzz.com/testcase?key=5629524117553152 Project: harfbuzz Fuzzer: libFuzzerharfbuzzhb-shape-fuzzer Fuzz target binary: hb-shape-fuzzer Job Type: libfuzzerasanharfbuzz Platform Id: linux Crash Type: UNKNOWN READ Crash...
harfbuzz/hb-shape-fuzzer: Use-of-uninitialized-value in hb_kern_machine_t<OT::KernSubTableFormat3>::kern
Detailed report: https://oss-fuzz.com/testcase?key=5644258942386176 Project: harfbuzz Fuzzer: libFuzzerharfbuzzhb-shape-fuzzer Fuzz target binary: hb-shape-fuzzer Job Type: libfuzzermsanharfbuzz Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State:...
harfbuzz/hb-shape-fuzzer: Heap-buffer-overflow in BEInt<unsigned char, 1>::operator unsigned char
Project: https://github.com/harfbuzz/harfbuzz.git Detailed report: https://oss-fuzz.com/testcase?key=5735679418433536 Project: harfbuzz Fuzzer: libFuzzerharfbuzzhb-shape-fuzzer Fuzz target binary: hb-shape-fuzzer Job Type: libfuzzerasanharfbuzz Platform Id: linux Crash Type: Heap-buffer-overflow...
harfbuzz/hb-shape-fuzzer: Use-of-uninitialized-value in bool hb_sanitize_context_t::check_array<OT::IntType<unsigned char, 1u> >
Detailed report: https://oss-fuzz.com/testcase?key=5097734906839040 Project: harfbuzz Fuzzer: libFuzzerharfbuzzhb-shape-fuzzer Fuzz target binary: hb-shape-fuzzer Job Type: libfuzzermsanharfbuzz Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: bool...