3 matches found
OSV-2020-188 Heap-buffer-overflow in BEInt<short, 2>::operator short
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20924 Crash type: Heap-buffer-overflow READ 2 Crash state: BEInt::operator short OT::IntType::operator int OT::TupleVarHeader::calculatescalar...
OSV-2020-147 Heap-buffer-overflow in BEInt<short, 2>::operator short
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21026 Crash type: Heap-buffer-overflow READ 2 Crash state: BEInt::operator short OT::IntType::operator int OT::TupleVarHeader::calculatescalar...
OSV-2020-130 Use-of-uninitialized-value in OT::TupleVarHeader::calculate_scalar
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20919 Crash type: Use-of-uninitialized-value Crash state: OT::TupleVarHeader::calculatescalar OT::gvar::acceleratort::applydeltastopoints bool OT::glyf::Glyph::getpointsbool OT::glyf::acceleratort::getpointsOT::gl...