3037 matches found
grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow
A flaw was found in grub2 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow, leading to a zero-sized memory allocation with a subsequent heap-based buffer overflow. The highest threat from this...
CVE-2020-15705 GRUB2: avoid loading unsigned kernels when GRUB is booted directly under secureboot without shim
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim...
OSV-2020-1325 Global-buffer-overflow in BEInt<unsigned short, 2>::operator unsigned short
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21769 Crash type: Global-buffer-overflow READ 2 Crash state: BEInt::operator unsigned short OT::IntType::operator unsigned int CFF::Charset0::getglyph...
OSV-2020-1246 Stack-buffer-overflow in void apply_sao_internal<unsigned short>
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13643 Crash type: Stack-buffer-overflow READ 4 Crash state: void apply_sao_internal void apply_sao thread_task_sao::work...
OSV-2020-1138 Heap-buffer-overflow in void apply_sao_internal<unsigned short>
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14184 Crash type: Heap-buffer-overflow READ 1 Crash state: void apply_sao_internal void apply_sao thread_task_sao::work...
CVE-2020-15009
AsusScreenXpertServicec.exe and ScreenXpertUpgradeServiceManager.exe in ScreenPad2UpgradeTool.msi V1.0.3 for ASUS PCs with ScreenPad 1.0 UX450FDX, UX550GDX and UX550GEX could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with ...
OSV-2020-708 Heap-buffer-overflow in BEInt<unsigned short, 2>::operator unsigned short
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14919 Crash type: Heap-buffer-overflow READ 2 Crash state: BEInt::operator unsigned short OT::IntType::operator unsigned int hbmapiterthbmapiterthbarraytOT::OffsetToOT::AxisValue, OT::IntTypeu...
OSV-2020-698 Heap-buffer-overflow in BEInt<unsigned short, 2>::operator unsigned short
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18515 Crash type: Heap-buffer-overflow READ 2 Crash state: BEInt::operator unsigned short OT::IntType::operator unsigned int OT::ArrayOf, OT::IntType ::...
OSV-2020-641 Use-of-uninitialized-value in bool std::__1::equal<std::__1::__wrap_iter<unsigned char const*>, std::__1::__wr
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14353 Crash type: Use-of-uninitialized-value Crash state: bool std::1::equal, std::1::wr bool std::1::operator== std::1::enableifisconvertiblevdecltype...
OSV-2020-638 Heap-buffer-overflow in OT::UnsizedArrayOf<OT::IntType<unsigned char, 1u> >::copy
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14637 Crash type: Heap-buffer-overflow READ 1 Crash state: OT::UnsizedArrayOf ::copy bool OT::OffsetTo , OT::IntTy OT::NameRecord::copy...
OSV-2020-548 Heap-buffer-overflow in acommon::DecodeDirect<unsigned short>::decode
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16531 Crash type: Heap-buffer-overflow READ 2 Crash state: acommon::DecodeDirect::decode acommon::Convert::convert aspellspellersuggest...
OSV-2020-412 Heap-buffer-overflow in BEInt<unsigned short, 2>::operator unsigned short
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18503 Crash type: Heap-buffer-overflow READ 2 Crash state: BEInt::operator unsigned short OT::IntType::operator unsigned int decltype...
OSV-2020-347 Heap-buffer-overflow in BEInt<unsigned short, 2>::operator unsigned short
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14825 Crash type: Heap-buffer-overflow READ 2 Crash state: BEInt::operator unsigned short OT::IntType::operator unsigned int OT::AxisValue::sanitize...
OSV-2020-244 Heap-buffer-overflow in BEInt<unsigned short, 2>::operator unsigned short
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20036 Crash type: Heap-buffer-overflow READ 2 Crash state: BEInt::operator unsigned short OT::IntType::operator unsigned int OT::IndexArray::addindexesto...
OSV-2020-233 Heap-buffer-overflow in BEInt<unsigned short, 2>::operator unsigned short
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20022 Crash type: Heap-buffer-overflow READ 2 Crash state: BEInt::operator unsigned short OT::IntType::operator unsigned int decltype...
OSV-2020-182 Heap-buffer-overflow in hb_array_t<OT::IntType<unsigned char, 1u> const> hb_array_t<OT::IntType<unsigned
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20249 Crash type: Heap-buffer-overflow READ 1 Crash state: hbarrayt const hbarrayt ::copy OT::SBIXGlyph::copy...
OSV-2020-149 Heap-buffer-overflow in BEInt<unsigned short, 2>::operator=
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21580 Crash type: Heap-buffer-overflow WRITE 1 Crash state: BEInt::operator= OT::IntType::operator= bool OT::ClassDefFormat1::serializehbzipiterthbsortedarraytOT::HBGlyphI...