Vulnerabilities I've Published

The following is a list of all publicly disclosed vulnerabilities I discovered that are not restricted under NDA. See also my blog for more details on the individual vulnerabilities.

TKADV2017-001 - Mozilla Firefox and Thunderbird Out-of-bounds Array Access 
                in WebGLTexture::ImageInfoAtFace 
| CVE-ID                   : CVE-2017-7754
| Mozilla Security Advisory: MSFA2017-15 (Firefox 54)
| Mozilla Security Advisory: MSFA2017-16 (Firefox ESR 52.2)
| Mozilla Security Advisory: MSFA2017-17 (Thunderbird 52.2)

TKADV2013-003 - Apple Mac OS X QuickDraw Manager PICT Buffer Overflow
                Vulnerability 
| CVE-ID                : CVE-2013-0975
| Apple Security Update : APPLE-SA-2013-06-04-1

TKADV2013-002 - Adobe Reader and Acrobat Integer Overflow Vulnerability 
| CVE-ID                : CVE-2013-2727
| Adobe Security Update : APSB13-15

TKADV2013-001 - Apple Mac OS X PDF Ink Annotations Use-After-Free
                Vulnerability 
| CVE-ID                : CVE-2013-0971
| Apple Security Update : APPLE-SA-2013-03-14-1

TKADV2011-004 - Apple iOS OfficeImport Word Document Parsing Memory 
                Corruption Vulnerability 
| CVE-ID                : CVE-2011-3260
| Apple Security Update : APPLE-SA-2011-10-12-1 (iOS)

TKADV2011-003 - Apple iOS OfficeImport Excel Double Free Vulnerability 
| CVE-ID                : CVE-2011-3261
| Apple Security Update : APPLE-SA-2011-10-12-1 (iOS)

TKADV2011-002 - Apple iOS and Mac OS X OfficeImport Word sprmTInsert 
                Record Uninitialized Memory Vulnerability 
| CVE-ID                : CVE-2011-0208
| Apple Security Updates: APPLE-SA-2011-06-23-1 (Mac OS X)
                          APPLE-SA-2011-10-12-1 (iOS)

TKADV2011-001 - Apple iOS and Mac OS X OfficeImport Excel SHRFMLA 
                Record Memory Corruption Vulnerability 
| CVE-ID                : CVE-2011-0184
| Apple Security Updates: APPLE-SA-2011-03-21-1 (Mac OS X)
                          APPLE-SA-2011-10-12-1 (iOS)

TKADV2010-006 - Apple iOS and Mac OS X OfficeImport Excel USREXCL 
                Record Memory Corruption Vulnerability
| CVE-ID                : CVE-2010-3786
| Apple Security Updates: APPLE-SA-2010-11-10-1 (Mac OS X)
                          APPLE-SA-2010-11-22-1 (iOS)
                          http://support.apple.com/kb/HT4830 (iWork)
                          APPLE-SA-2011-10-12-6 (Numbers for iOS)

TKADV2010-005 - Oracle Solaris Zones RPCSEC_GSS Denial of Service 
                Vulnerability
| Release Date          : 15-Jul-2010
| Last Modified         : 15-Jul-2010 
| CVE-ID                : CVE-2010-2393

TKADV2010-004 - Google Chrome OOB Array Indexing Bug
| Release Date          : 31-Mar-2010
| Last Modified         : 31-Mar-2010 
| CVE-ID                : not assigned yet

TKADV2010-003 - avast! 4.8 and 5.0 aavmker4.sys Kernel Memory Corruption
| Release Date          : 22-Feb-2010
| Last Modified         : 22-Feb-2010 
| Patch development time: 10 days
| CVE-ID                : CVE-2010-0705

TKADV2010-002 - Apple iPhone OS and Mac OS X CoreAudio Stack Buffer 
                Overflow
| Release Date          : 02-Feb-2010
| Last Modified         : 02-Feb-2010 
| Patch development time: 107 days (Mac OS X), 121 days (iPhone OS)
| CVE-ID                : CVE-2010-0036

TKADV2010-001 - Oracle Solaris UCODE_GET_VERSION IOCTL Kernel NULL 
                Pointer Dereference
| Release Date          : 31-Jan-2010
| Last Modified         : 31-Jan-2010 
| Patch development time: 61 days
| CVE-ID                : CVE-2010-0453

TKADV2009-007 - Apple iPhone OS AudioCodecs Heap Buffer Overflow
| Release Date          : 09-Sep-2009
| Last Modified         : 09-Sep-2009 
| Patch development time: 158 days
| CVE-ID                : CVE-2009-2206

TKADV2009-006 - libsndfile/Winamp VOC Processing Heap Buffer Overflow
| Release Date          : 16-May-2009
| Last Modified         : 16-May-2009 
| Patch development time: 26 days
| CVE-ID                : CVE-2009-1788

TKADV2009-005 - xine-lib Quicktime STTS Atom Integer Overflow
| Release Date          : 04-Apr-2009
| Last Modified         : 04-Apr-2009 
| Patch development time: 30 days
| CVE-ID                : CVE-2009-1274

TKADV2009-004 - FFmpeg Type Conversion Vulnerability
| Release Date          : 18-Jan-2009
| Last Modified         : 15-Feb-2009 
| Patch development time: 1 day (exactly 2h)
| CVE-ID                : CVE-2009-0385

TKADV2009-003 - GStreamer Heap Overflow and Array Index out of Bounds 
                Vulnerabilities
| Release Date          : 22-Jan-2009
| Last Modified         : 15-Feb-2009 
| Patch development time: 5 days
| CVE-IDs               : CVE-2009-0386, CVE-2009-0387, CVE-2009-0397

TKADV2009-002 - Amarok Integer Overflow and Unchecked Allocation 
                Vulnerabilities
| Release Date          : 11-Jan-2009
| Last Modified         : 15-Feb-2009 
| Patch development time: 7 days
| CVE-IDs               : CVE-2009-0135, CVE-2009-0136

TKADV2009-001 - Sun Solaris aio_suspend() Kernel Integer Overflow 
                Vulnerability
| Release Date          : 18-Jan-2009
| Last Modified         : 15-Feb-2009 
| Patch development time: 115 days
| CVE-ID                : CVE-2009-0132

TKADV2008-015 - Sun Solaris SIOCGTUNPARAM IOCTL Kernel NULL pointer 
                dereference
| Release Date          : 17-Dec-2008
| Last Modified         : 15-Feb-2009 
| Patch development time: 471 days
| CVE-ID                : CVE-2008-5689

TKADV2008-014 - MPlayer TwinVQ Processing Stack Buffer Overflow 
                Vulnerability
| Release Date          : 14-Dec-2008
| Last Modified         : 20-Dec-2008 
| Patch development time: 8 days
| CVE-ID                : CVE-2008-5616

TKADV2008-013 - VLC media player RealMedia Processing Integer Overflow 
                Vulnerability
| Release Date          : 30-Nov-2008
| Last Modified         : 20-Dec-2008 
| Patch development time: 16 days
| CVE-ID                : CVE-2008-5276

TKADV2008-012 - VLC media player cue Processing Stack Buffer 
                Overflow Vulnerability
| Release Date          : 05-Nov-2008
| Last Modified         : 20-Dec-2008 
| Patch development time: 2 days
| CVE-ID                : CVE-2008-5032

TKADV2008-011 - VLC media player RealText Processing Stack Buffer
                Overflow Vulnerability
| Release Date          : 05-Nov-2008 
| Last Modified         : 20-Dec-2008 
| Patch development time: 2 days
| CVE-ID                : CVE-2008-5036

TKADV2008-010 - VLC media player TiVo ty Processing Stack Buffer
                Overflow Vulnerability
| Release Date          : 20-Oct-2008 
| Last Modified         : 20-Dec-2008 
| Patch development time: 1 day
| CVE-ID                : CVE-2008-4654

TKADV2008-009 - WebEx Meeting Manager ActiveX Stack Buffer Overflow
| Release Date          : 21-Sep-2008 
| Last Modified         : 21-Sep-2008 
| Patch development time: n/a
| CVE-ID                : CVE-2008-3558

TKADV2008-008 - G DATA AntiVirus/InternetSecurity/TotalCare 2008 
                GDTdiIcpt.sys Memory Corruption Vulnerability
| Release Date          : 17-Sep-2008 
| Last Modified         : 17-Sep-2008 
| Patch development time: 294 days
| CVE-ID                : not assigned yet

TKADV2008-007 - Linux Kernel SCTP-AUTH API Information Disclosure 
                Vulnerability and NULL Pointer Dereferences
| Release Date          : 09-Sep-2008 
| Last Modified         : 10-Sep-2008 
| Patch development time: 1 day
| CVE-ID                : CVE-2008-3792

TKADV2008-006 - CA HIPS KmxFw.sys Kernel Memory Corruption
| Release Date          : 12-Aug-2008 
| Last Modified         : 12-Aug-2008 
| Patch development time: 158 days
| CVE-ID                : CVE-2008-2926

TKADV2008-005 - Linux Kernel snd_seq_oss_synth_make_info() Information 
                Disclosure Vulnerability
| Release Date          : 06-Aug-2008 
| Last Modified         : 06-Aug-2008 
| Patch development time: 4 days
| CVE-ID                : CVE-2008-3272

TKADV2008-004 - Kaspersky kl1.sys Kernel Stack Overflow
| Release Date          : 06-Jun-2008 
| Last Modified         : 12-Jun-2008 
| Patch development time: 78 days
| CVE-ID                : CVE-2008-1518

TKADV2008-003 - Sun Solaris SIOCSIPMSFILTER Kernel Integer Overflow
| Release Date          : 13-Jun-2008 
| Last Modified         : 20-Dec-2008 
| Patch development time: 298 days
| CVE-ID                : CVE-2008-2710

TKADV2008-002 - avast! 4.7 aavmker4.sys Kernel Memory Corruption
| Release Date          : 30-Mar-2008 
| Last Modified         : 20-Dec-2008 
| Patch development time: 13 days
| CVE-ID                : CVE-2008-1625

TKADV2008-001 - Panda Internet Security/Antivirus+Firewall 2008 
                cpoint.sys Kernel Driver Memory Corruption Vulnerability
| Release Date          : 08-Mar-2008
| Last Modified         : 20-Dec-2008 
| Patch development time: 60 days
| CVE-ID                : CVE-2008-1471

TKADV2007-001 - Mac OS X TIOCSETD IOCTL Kernel Memory Corruption 
                Vulnerability
| Release Date          : 15-Nov-2007 
| Last Modified         : 15-Nov-2007 
| Patch development time: 241 days
| CVE-ID                : CVE-2007-4686

TKADV2007-002 - Apple QuickTime STSD Heap Overflow Vulnerability
| Release Date          : 06-Nov-2007 
| Last Modified         : 06-Nov-2007 
| Patch development time: 175 days
| CVE-ID                : CVE-2007-3750

TKADV2007-003 - Mac OS X AppleTalk AIOCSETZNUSAGE IOCTL Kernel Stack 
                Buffer Overflow
| Release Date          : 01-Mar-2008 
| Last Modified         : 01-Mar-2008 
| Patch development time: 99 days
| CVE-ID                : CVE-2007-4267

TKADV2007-005 - Check Point VPN-1 SecuRemote/SecureClient fw.sys Kernel 
                Driver Memory Corruption Vulnerability
| Release Date          : 18-Nov-2007
| Last Modified         : 18-Nov-2007
| Patch development time: 37 days
| CVE-ID                : not assigned yet

TKADV2005-12-001 - Multiple SQL Injection vulnerabilities in MyBB
| Release Date          : 23-Dec-2005 
| Last Modified         : 23-Dec-2005 
| CVE-ID                : CVE-2005-4200

TKADV2005-11-004 - Multiple Cross Site Scripting vulnerabilities in 
                   phpMyFAQ
| Release Date          : 19-Nov-2005
| Last Modified         : 19-Nov-2005
| CVE-ID                : CVE-2005-3734

TKADV2005-11-002 - Multiple vulnerabilities in Mantis
| Release Date          : 23-Dec-2005
| Last Modified         : 23-Dec-2005
| CVE-IDs               : CVE-2005-4518, CVE-2005-4519, CVE-2005-4520, 
                          CVE-2005-4521, CVE-2005-4522, CVE-2005-4523, 
                          CVE-2005-4524

TKADV2005-11-001 - Multiple vulnerabilities in PHPlist
| Release Date          : 07-Nov-2005
| Last Modified         : 07-Nov-2005
| CVE-IDs               : CVE-2005-3555, CVE-2005-3556, CVE-2005-3557

TKADV2005-10-001 - Multiple Cross Site Scripting vulnerabilities in 
                   phpMyAdmin
| Release Date          : 22-Oct-2005
| Last Modified         : 28-Oct-2005
| CVE-ID                : CVE-2005-3301 

Patch Notifications

TKPN2005-12-001 - Multiple critical vulnerabilities in MyBB
| Release Date         : 09-Dec-2005
| Last Modified        : 09-Dec-2005
| Advisory Release Date: Advisory TKADV2005-12-001 already released on 
                         2005/12/23