last updated : 26-August-2022
Following are list of CVE’s which i found and reported to vendors:
Year – 2022
ImageMagick – https://nvd.nist.gov/vuln/detail/CVE-2022-3213
LibRaw Issues:
https://github.com/LibRaw/LibRaw/issues/487
ImageMagick Security Issues:
https://github.com/ImageMagick/ImageMagick/commit/264d91e02a2e9c6ec318d751956000d19d5617fc
https://github.com/ImageMagick/ImageMagick/commit/e389397b2be1a1b586923f279b1f2c36b28b1eb0
https://github.com/ImageMagick/ImageMagick/commit/2dc49e8b98051d1ed1eb52f84c93941e2f3f9bc8
https://github.com/ImageMagick/ImageMagick/commit/2305c702ea8d2d911f1be2e7690103e2f3cc8a2e
Year – 2021
Microsoft
CVE-2021-40465 – Windows Text Shaping Remote Code Execution Vulnerability
CVE-2021-1665 – GDI+ Remote Code Execution Vulnerability
ImageMagick Security issues:
CVE-2020-27829 – Heap overflow in imagemagick
LibTiff Security Issues:
CVE-2020-35521– libtiff: memory allocation failure in malloc in tif_read.c
CVE-2020-35522 – libtiff: memory malloc failure in tif_pixarlog.c
CVE-2020-35523 – libtiff: integer overflow vulnerability exists in tif_getimage.c
CVE-2020-35524 – libtiff: heap-based buffer overflow in TIFF2PDF tool
Year – 2020
Microsoft Products security Issues:
- Windows GDI Information Disclosure Vulnerability (CVE-2020-0744 )
- Windows GDI Information Disclosure Vulnerability (CVE-2020-0879 )
- Windows GDI Information Disclosure Vulnerability(CVE-2020-0874 )
- Jet Database Engine Remote Code Execution Vulnerability (CVE-2020-0995)
- GDI+ Remote Code Execution Vulnerability (CVE-2020-0964)
- Microsoft Graphics Remote Code Execution Vulnerability (CVE-2020-0687 )
- Windows GDI Information Disclosure Vulnerability(CVE-2020-1179)
- Windows GDI Information Disclosure Vulnerability(CVE-2020-1145)
- Windows GDI Information Disclosure Vulnerability(CVE-2020-1141)
- Microsoft Graphics Component Information Disclosure Vulnerability(CVE-2020-1160)
Adobe Products Security Issues(No cves):
PSIRT-13326 – stack buffer overflow issue in afdko,svread.c
PSIRT-13328 – Stack Use After Scope in afdko while processing pfa file.
PSIRT-13332 – Heap use after free in afdko/c/public/lib/source/t1read/t1read.c:2082
PSIRT-13410 – ASAN LargeMmapAllocator fails in afdko/c/public/lib/source/tx_shared/
PSIRT-13411 – Integer overflow error occurs while processing a malformed TTF file
TCPDump Security Issues:
CVE-2020-8037 – The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.
CVE-2020-8038 – TcpDump vulnerability
Year – 2019
- Jet Database Engine Remote Code Execution VulnerabilityJet Database Engine Remote Code Execution Vulnerability (CVE-2019-0580)
- Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0579)
- Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0576)
- Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0577)
- Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0538)
- Jet Database Engine Remote Code Execution Vulnerability(CVE-2019-0879)
- Jet Database Engine Remote Code Execution Vulnerability(CVE-2019-0889 )
- Jet Database Engine Remote Code Execution Vulnerability(CVE-2019-0891)
- Jet Database Engine Remote Code Execution Vulnerability(CVE-2019-0899)
- Jet Database Engine Remote Code Execution Vulnerability(CVE-2019-0902)
- MSRC Case : XXXXX[13-June-2019]
- Vendor response – Thank you for your submission. We determined your finding is valid but does not meet our bar for servicing.
- MSRC Case: XXXXX[20-Aug-19]
- Vendor Response – Thank you for your submission. We determined your finding is valid but does not meet our bar for servicing. For more information, please see the Microsoft Security Servicing Criteria for Windows (https://aka.ms/windowscriteria).
- MSRC Case: XXXXX[15-Aug-19]
- Vendor Response – Thank you for your submission. We determined your finding does not meet our bar for servicing. For more information, please see the Microsoft Security Servicing Criteria for Windows (https://aka.ms/windowscriteria)We have closed this case.
- Jet Database Engine Remote Code Execution Vulnerability(CVE-2019-1243)
- Jet Database Engine Remote Code Execution Vulnerability(CVE-2019-1250)