Security Advisories

 

Software flaws found by Krash Consulting

Krash Consulting is tasked with the investigation of software packages to find new flaws. Once found, we work with the software owner to get the flaw registered (CVEs), and then we assist with the quickest resolution possible by providing detailed technical information, including proof of concept code. This list of advisories provides insight into the specific vulnerabilities reported.

 

  • 2020
    CVE-2020-16048: Buffer overflow in depth pitch calculations for compressed textures

    Read the advisory

    CVE-2020-26971: Heap buffer overflow in WebGL

    Read the advisory

  • 2018
    Google Chrome – Texture11 Memory Corruption in ANGLE (CVE-2018-17466)

    Read the advisory

    Google Chrome – Stack buffer overflow in SwiftShader (CVE-2018-16082)

    Read the advisory

    Google Chrome – Heap buffer overflow in WebGL TexImage3D (CVE-2018-6162)

    Read the advisory

    Google Chrome – Heap buffer overflow in WebGL FreeIds (CVE-2018-6154)

    Read the advisory

    Microsoft Edge Memory Corruption Vulnerability (CVE-2018-8387)

    Read the advisory

    Microsoft Edge Memory Corruption Vulnerability (CVE-2018-8262)

    Read the advisory

    Apple Safari – Memory Corruption in WebKit webGL (CVE-2018-4261)

    Read the advisory

    Microsoft Excel Information Disclosure – Formula Record (CVE-2018-8163)

    Read the advisory

    Microsoft Excel Remote Code Execution – Formula Record (CVE-2018-8162)

    Read the advisory

    Apple Safari – Memory Corruption in WebKit webGL (CVE-2018-4130)

    Read the advisory

    Microsoft Excel Remote Code Execution Vulnerability(CVE-2018-0796)

    Read the advisory

    Google Chrome – Use after free in Blink(CVE-2018-6060)

    Read the advisory

    Google Chrome – Heap buffer overflow in WebGL(CVE-2018-6073)

    Read the advisory

  • 2017
    Mozilla Firefox- Buffer overflow when drawing and validating elements with ANGLE library using Direct 3D 9 (CVE-2017-7845)

    Read the advisory

    Microsoft Edge – Information Disclosure Vulnerability (CVE-2017-11844)

    Read the advisory

    Microsoft Edge – Memory Corruption Vulnerability (CVE-2017-11845)

    Read the advisory

    Google Chrome – Use after free in WebAudio (CVE-2017-5129)

    Read the advisory

    Google Chrome – Heap overflow in WebGL (CVE-2017-5128)

    Read the advisory

    Firefox – Buffer overflow when drawing and validating elements with ANGLE (CVE-2017-7824)

    Read the advisory

  • 2015
    Google Chrome – Out of bounds read in webGL (CVE-2015-1240)

    Read the advisory

    Internet Explorer 11 – CSVGMarkerElement Use-After-Free (CVE-2015-1668)

    Read the advisory

    Internet Explorer 11 – SVG Marker Use-After-Free (CVE-2015-0043)

    Read the advisory

    Internet Explorer 11 – SVG Marker Use-After-Free (CVE-2015-0042)

    Read the advisory

  • 2014
    Internet Explorer 11 – Cell Resizing (CVE-2014-4128)

    Read the advisory

    Internet Explorer 11 – CSVGSVGElement Use-After-Free (CVE-2014-6354)

    Read the advisory

    Internet Explorer 11 – CElement (CVE-2014-4145)

    Read the advisory

    Internet Explorer 11 – first-letter Use-After-Free (CVE-2014-4050)

    Read the advisory

    Internet Explorer 11 – Memory Corruption (CVE-2014-1772)

    Read the advisory

    Internet Explorer 11 – Microsoft IE CSS Property / Unicode Character Handling Heap Buffer Overflow (CVE-2014-0313)

    Read the advisory

    Microsoft Windows Direct2D Crafted 2D Geometric Figure Handling Memory Corruption (CVE-2014-0263)

    Read the advisory

  • 2010
    Excel File Format Parsing Vulnerability (CVE-2010-3232)

    Read the advisory

    RealPlayer RealMedia Memory Heap Corruption Vulnerability (CVE-2010-4386)

    Read the advisory

    RealPlayer RealAudio Codec Memory Corruption Vulnerability (CVE-2010-4387)

    Read the advisory