GraphicsMagick Information Disclosure when Describing IPTC Profile (CVE-2017-16353)
A heap-based buffer overread in the code responsible for printing IPTC information verbosely allows an attacker to leak sensitive information by supplying a ...
GraphicsMagick Heap Overflow when Describing Directories (CVE-2017-16352)
An unsafe call to strncpy in magick/describe.c causes a heap overflow when describing images with overly long directories. The vulnerable code path can be tr...
MuPDF mutools Out-of-Bounds Write Vulnerability (CVE-2017-15587)
A vulnerability in mutools PDF parsing functionality allows an attacker to write controlled data to an arbitrary location in memory due to an integer overflo...
Denial of Service Vulnerability in Libprocess (CVE-2017-9790)
A vulnerability in the libprocess dependency of Mesos allows a remote attacker to cause a crash in any Mesos component that includes the library. The bug res...
Denial of Service Vulnerability in Libprocess (CVE-2017-7687)
A vulnerability in the libprocess dependency of Mesos allows a remote attacker to cause a crash in any Mesos component that includes the library. The bug res...
GraphicsMagick NULL Pointer Dereference in DICOM Decoder (CVE-2017-14994)
A null pointer dereference vulnerability in the GraphicsMagick DICOM image decoder allows an attacker to cause a denial-of-service condition or other unspeci...
Bypassing ASLR/NX with Ret2Libc and Named Pipes
This writeup describes my solution to an assignment for school requiring us to exploit a classic buffer overflow to gain a shell using return-to-libc techniq...
Bugs that Address Sanitizer Does Not Detect
A lab for school required us to design 3 examples of memory bugs that are not detected by Address Sanitizer. I thought it was a pretty informative exercise s...
CVE-2016-10190 Detailed Writeup
FFmpeg is a popular free software project that develops libraries and programs for manipulating audio, video, and image data. The vulnerability exists in the...