Our research group analyzes security aspects of widely-used commercial
products, which discovered many security vulnerabilities.
Application Vulnerabilities
| Product |
CVE |
Details |
| FFmpeg |
CVE-2019-13312 |
ck_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based buffer over-read. |
|
CVE-2019-13390 |
In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in libavformat/rawenc.c. |
|
|
|
| MuPDF |
CVE-2019-14975 |
rtifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_chartorune in fitz/string.c because pdf/pdf-op-filter.c does not check for a missing string. |
|
|
|
| Nasm |
CVE-2020-24241 |
In Netwide Assembler (NASM) 2.15rc10, there is heap use-after-free in saa_wbytes in nasmlib/saa.c. |
|
CVE-2020-24242 |
In Netwide Assembler (NASM) 2.15rc10, SEGV can be triggered in tok_text in asm/preproc.c by accessing READ memory. |
|
CVE-2020-24978 |
|
|
|
|
| ImageMagick |
CVE-2020-25663 |
A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c caused a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed() or GetPixelBlue() was called. |
|
CVE-2020-25664 |
In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from MagickCore/quantum-private.h is called. |
|
CVE-2020-25665 |
The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory() in routine WritePALMImage() because it needs to be offset by 256. |
|
|
|
| Ghostscript |
CVE-2020-16287 |
A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. |
|
CVE-2020-16288 |
A buffer overflow vulnerability in pj_common_print_page() in devices/gdevpjet.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. |
|
|
|
Hardware Vulnerabilities
| Product (Vendor) |
CVE |
Details |
| Morklx (OpenRISC) |
CVE-2020-13455 |
Reservation is not cancelled when there is snooping hit between lwa and swa |
|
CVE-2020-13454 |
Jump to link register does not assert illegal instruction exception |
|
CVE-2020-13453 |
Misaligned swa raise exception when reservation is not set |
| Rocket Chip (RISCV) |
CVE-2020-13251 |
Source field in ProbeAckData does not match the sink field of ProbeRequest |
|
CVE-2020-29561 |
Misaligned lr instruction on a cached line set the reservation |
| Spike (RISCV) |
CVE-2020-13456 |
Misaligned lr.d should not set load reservation |
Hypervisor Vulnerabilities