Vulnerabilities/Advisories/Exploits

Last updated: 26-August-2022

The following is a list of CVEs which I found and reported to vendors:

Year – 2022

ImageMagick – https://nvd.nist.gov/vuln/detail/CVE-2022-3213

LibRaw Issues:

https://github.com/LibRaw/LibRaw/issues/487

ImageMagick Security Issues:

https://github.com/ImageMagick/ImageMagick/commit/264d91e02a2e9c6ec318d751956000d19d5617fc

https://github.com/ImageMagick/ImageMagick/commit/e389397b2be1a1b586923f279b1f2c36b28b1eb0

https://github.com/ImageMagick/ImageMagick/commit/2dc49e8b98051d1ed1eb52f84c93941e2f3f9bc8

https://github.com/ImageMagick/ImageMagick/commit/2305c702ea8d2d911f1be2e7690103e2f3cc8a2e

Year – 2021

Microsoft

CVE-2021-40465 – Windows Text Shaping Remote Code Execution Vulnerability

CVE-2021-1665 – GDI+ Remote Code Execution Vulnerability

ImageMagick Security Issues:

CVE-2020-27829 – Heap overflow in ImageMagick

LibTiff Security Issues:

CVE-2020-35521 – libtiff: memory allocation failure in malloc in tif_read.c

CVE-2020-35522 – libtiff: memory malloc failure in tif_pixarlog.c

CVE-2020-35523 – libtiff: integer overflow vulnerability exists in tif_getimage.c

CVE-2020-35524 – libtiff: heap-based buffer overflow in TIFF2PDF tool

Year – 2020

Microsoft Products Security Issues:

  1. Windows GDI Information Disclosure Vulnerability (CVE-2020-0744)
  2. Windows GDI Information Disclosure Vulnerability (CVE-2020-0879)
  3. Windows GDI Information Disclosure Vulnerability (CVE-2020-0874)
  4. Jet Database Engine Remote Code Execution Vulnerability (CVE-2020-0995)
  5. GDI+ Remote Code Execution Vulnerability (CVE-2020-0964)
  6. Microsoft Graphics Remote Code Execution Vulnerability (CVE-2020-0687)
  7. Windows GDI Information Disclosure Vulnerability (CVE-2020-1179)
  8. Windows GDI Information Disclosure Vulnerability (CVE-2020-1145)
  9. Windows GDI Information Disclosure Vulnerability (CVE-2020-1141)
  10. Microsoft Graphics Component Information Disclosure Vulnerability (CVE-2020-1160)

Adobe Products Security Issues (no CVEs):

PSIRT-13326 – Stack buffer overflow issue in afdko, svread.c

PSIRT-13328 – Stack Use After Scope in afdko while processing pfa file.

PSIRT-13332 – Heap use after free in afdko/c/public/lib/source/t1read/t1read.c:2082

PSIRT-13410 – ASAN LargeMmapAllocator fails in afdko/c/public/lib/source/tx_shared/

PSIRT-13411 – Integer overflow error occurs while processing a malformed TTF file

TCPDump Security Issues:

CVE-2020-8037 – The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.

CVE-2020-8038 – tcpdump vulnerability

Year – 2019

  1. Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0580)
  2. Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0579)
  3. Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0576)
  4. Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0577)
  5. Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0538)
  6. Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0879)
  7. Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0889)
  8. Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0891)
  9. Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0899)
  10. Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0902)
  11. MSRC Case: XXXXX [13-June-2019]
    • Vendor Response – Thank you for your submission. We determined your finding is valid but does not meet our bar for servicing.
  12. MSRC Case: XXXXX [20-Aug-19]
    • Vendor Response – Thank you for your submission. We determined your finding is valid but does not meet our bar for servicing. For more information, please see the Microsoft Security Servicing Criteria for Windows (https://aka.ms/windowscriteria).
  13. MSRC Case: XXXXX [15-Aug-19]
    • Vendor Response – Thank you for your submission. We determined your finding does not meet our bar for servicing. For more information, please see the Microsoft Security Servicing Criteria for Windows (https://aka.ms/windowscriteria). We have closed this case.
  14. Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-1243)
  15. Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-1250)