Internet Bug Bounty: PHP OpenSSL zif_openssl_seal() heap overflow (wild memcpy)

Description: A wild memcpy is discovered in the openssl package included in stable PHP release. During parsing a PEM certificate in opensslseal, an invalid key length is produced after parsing, eskl0 value is -1 after the call to EVPSealInit, subsequently causing a heap overflow via a wild memcpy...

Kaspersky AntiVirus - '.DEX' File Format Memory Corruption

Source: https://code.google.com/p/google-security-research/issues/detail?id=529 The attached testcase was found by fuzzing DEX files, and results in a heap overflow with a wild memcpy. Note that Kaspersky catch exceptions and continue execution, so running into unmapped pages doesn't terminate th...