Vulnerabilities I've Published

The following is a list of all publicly disclosed vulnerabilities I discovered that are not restricted under NDA. See also my blog for more details on the individual vulnerabilities.

TKADV2018-001 — Google Chrome Signed Integer Overflow Vulnerability in 
                blink::WebGLRenderingContextBase::ValidateTexImageSubRectangle
| CVE-ID              : CVE-2018-6034
| Chrome Release Notes: Stable Channel Update for Desktop (January 24, 2018)

TKADV2017-003 — Google Chrome Heap Buffer Overflow Vulnerability in 
                gpu::gles2::GLES2Implementation::ReadPixels 
| CVE-ID              : CVE-2017-5112
| Chrome Release Notes: Stable Channel Update for Desktop (September 5, 2017)

TKADV2017-002 — Google Chrome Use of Uninitialized Memory Vulnerability in 
                SkPathMeasure::distanceToSegment 
| CVE-ID              : CVE-2017-5117
| Chrome Release Notes: Stable Channel Update for Desktop (September 5, 2017)

TKADV2017-001 — Mozilla Firefox and Thunderbird Out-of-bounds Array Access 
                in WebGLTexture::ImageInfoAtFace 
| CVE-ID                   : CVE-2017-7754
| Mozilla Security Advisory: MSFA2017-15 (Firefox 54)
| Mozilla Security Advisory: MSFA2017-16 (Firefox ESR 52.2)
| Mozilla Security Advisory: MSFA2017-17 (Thunderbird 52.2)

TKADV2013-003 — Apple Mac OS X QuickDraw Manager PICT Buffer Overflow
                Vulnerability 
| CVE-ID                : CVE-2013-0975
| Apple Security Update : APPLE-SA-2013-06-04-1

TKADV2013-002 — Adobe Reader and Acrobat Integer Overflow Vulnerability 
| CVE-ID                : CVE-2013-2727
| Adobe Security Update : APSB13-15

TKADV2013-001 — Apple Mac OS X PDF Ink Annotations Use-After-Free
                Vulnerability 
| CVE-ID                : CVE-2013-0971
| Apple Security Update : APPLE-SA-2013-03-14-1

TKADV2011-004 — Apple iOS OfficeImport Word Document Parsing Memory 
                Corruption Vulnerability 
| CVE-ID                : CVE-2011-3260
| Apple Security Update : APPLE-SA-2011-10-12-1 (iOS)

TKADV2011-003 — Apple iOS OfficeImport Excel Double Free Vulnerability 
| CVE-ID                : CVE-2011-3261
| Apple Security Update : APPLE-SA-2011-10-12-1 (iOS)

TKADV2011-002 — Apple iOS and Mac OS X OfficeImport Word sprmTInsert 
                Record Uninitialized Memory Vulnerability 
| CVE-ID                : CVE-2011-0208
| Apple Security Updates: APPLE-SA-2011-06-23-1 (Mac OS X)
                          APPLE-SA-2011-10-12-1 (iOS)

TKADV2011-001 — Apple iOS and Mac OS X OfficeImport Excel SHRFMLA 
                Record Memory Corruption Vulnerability 
| CVE-ID                : CVE-2011-0184
| Apple Security Updates: APPLE-SA-2011-03-21-1 (Mac OS X)
                          APPLE-SA-2011-10-12-1 (iOS)

TKADV2010-006 — Apple iOS and Mac OS X OfficeImport Excel USREXCL 
                Record Memory Corruption Vulnerability
| CVE-ID                : CVE-2010-3786
| Apple Security Updates: APPLE-SA-2010-11-10-1 (Mac OS X)
                          APPLE-SA-2010-11-22-1 (iOS)
                          http://support.apple.com/kb/HT4830 (iWork)
                          APPLE-SA-2011-10-12-6 (Numbers for iOS)

TKADV2010-005 — Oracle Solaris Zones RPCSEC_GSS Denial of Service 
                Vulnerability
| Release Date          : 15-Jul-2010
| Last Modified         : 15-Jul-2010 
| CVE-ID                : CVE-2010-2393

TKADV2010-004 — Google Chrome OOB Array Indexing Bug
| Release Date          : 31-Mar-2010
| Last Modified         : 31-Mar-2010 
| CVE-ID                : not assigned yet

TKADV2010-003 — avast! 4.8 and 5.0 aavmker4.sys Kernel Memory Corruption
| Release Date          : 22-Feb-2010
| Last Modified         : 22-Feb-2010 
| Patch development time: 10 days
| CVE-ID                : CVE-2010-0705

TKADV2010-002 — Apple iPhone OS and Mac OS X CoreAudio Stack Buffer 
                Overflow
| Release Date          : 02-Feb-2010
| Last Modified         : 02-Feb-2010 
| Patch development time: 107 days (Mac OS X), 121 days (iPhone OS)
| CVE-ID                : CVE-2010-0036

TKADV2010-001 — Oracle Solaris UCODE_GET_VERSION IOCTL Kernel NULL 
                Pointer Dereference
| Release Date          : 31-Jan-2010
| Last Modified         : 31-Jan-2010 
| Patch development time: 61 days
| CVE-ID                : CVE-2010-0453

TKADV2009-007 — Apple iPhone OS AudioCodecs Heap Buffer Overflow
| Release Date          : 09-Sep-2009
| Last Modified         : 09-Sep-2009 
| Patch development time: 158 days
| CVE-ID                : CVE-2009-2206

TKADV2009-006 — libsndfile/Winamp VOC Processing Heap Buffer Overflow
| Release Date          : 16-May-2009
| Last Modified         : 16-May-2009 
| Patch development time: 26 days
| CVE-ID                : CVE-2009-1788

TKADV2009-005 — xine-lib Quicktime STTS Atom Integer Overflow
| Release Date          : 04-Apr-2009
| Last Modified         : 04-Apr-2009 
| Patch development time: 30 days
| CVE-ID                : CVE-2009-1274

TKADV2009-004 — FFmpeg Type Conversion Vulnerability
| Release Date          : 18-Jan-2009
| Last Modified         : 15-Feb-2009 
| Patch development time: 1 day (exactly 2h)
| CVE-ID                : CVE-2009-0385

TKADV2009-003 — GStreamer Heap Overflow and Array Index out of Bounds 
                Vulnerabilities
| Release Date          : 22-Jan-2009
| Last Modified         : 15-Feb-2009 
| Patch development time: 5 days
| CVE-IDs               : CVE-2009-0386, CVE-2009-0387, CVE-2009-0397

TKADV2009-002 — Amarok Integer Overflow and Unchecked Allocation 
                Vulnerabilities
| Release Date          : 11-Jan-2009
| Last Modified         : 15-Feb-2009 
| Patch development time: 7 days
| CVE-IDs               : CVE-2009-0135, CVE-2009-0136

TKADV2009-001 — Sun Solaris aio_suspend() Kernel Integer Overflow 
                Vulnerability
| Release Date          : 18-Jan-2009
| Last Modified         : 15-Feb-2009 
| Patch development time: 115 days
| CVE-ID                : CVE-2009-0132

TKADV2008-015 — Sun Solaris SIOCGTUNPARAM IOCTL Kernel NULL pointer 
                dereference
| Release Date          : 17-Dec-2008
| Last Modified         : 15-Feb-2009 
| Patch development time: 471 days
| CVE-ID                : CVE-2008-5689

TKADV2008-014 — MPlayer TwinVQ Processing Stack Buffer Overflow 
                Vulnerability
| Release Date          : 14-Dec-2008
| Last Modified         : 20-Dec-2008 
| Patch development time: 8 days
| CVE-ID                : CVE-2008-5616

TKADV2008-013 — VLC media player RealMedia Processing Integer Overflow 
                Vulnerability
| Release Date          : 30-Nov-2008
| Last Modified         : 20-Dec-2008 
| Patch development time: 16 days
| CVE-ID                : CVE-2008-5276

TKADV2008-012 — VLC media player cue Processing Stack Buffer 
                Overflow Vulnerability
| Release Date          : 05-Nov-2008
| Last Modified         : 20-Dec-2008 
| Patch development time: 2 days
| CVE-ID                : CVE-2008-5032

TKADV2008-011 — VLC media player RealText Processing Stack Buffer
                Overflow Vulnerability
| Release Date          : 05-Nov-2008 
| Last Modified         : 20-Dec-2008 
| Patch development time: 2 days
| CVE-ID                : CVE-2008-5036

TKADV2008-010 — VLC media player TiVo ty Processing Stack Buffer
                Overflow Vulnerability
| Release Date          : 20-Oct-2008 
| Last Modified         : 20-Dec-2008 
| Patch development time: 1 day
| CVE-ID                : CVE-2008-4654

TKADV2008-009 — WebEx Meeting Manager ActiveX Stack Buffer Overflow
| Release Date          : 21-Sep-2008 
| Last Modified         : 21-Sep-2008 
| Patch development time: n/a
| CVE-ID                : CVE-2008-3558

TKADV2008-008 — G DATA AntiVirus/InternetSecurity/TotalCare 2008 
                GDTdiIcpt.sys Memory Corruption Vulnerability
| Release Date          : 17-Sep-2008 
| Last Modified         : 17-Sep-2008 
| Patch development time: 294 days
| CVE-ID                : not assigned yet

TKADV2008-007 — Linux Kernel SCTP-AUTH API Information Disclosure 
                Vulnerability and NULL Pointer Dereferences
| Release Date          : 09-Sep-2008 
| Last Modified         : 10-Sep-2008 
| Patch development time: 1 day
| CVE-ID                : CVE-2008-3792

TKADV2008-006 — CA HIPS KmxFw.sys Kernel Memory Corruption
| Release Date          : 12-Aug-2008 
| Last Modified         : 12-Aug-2008 
| Patch development time: 158 days
| CVE-ID                : CVE-2008-2926

TKADV2008-005 — Linux Kernel snd_seq_oss_synth_make_info() Information 
                Disclosure Vulnerability
| Release Date          : 06-Aug-2008 
| Last Modified         : 06-Aug-2008 
| Patch development time: 4 days
| CVE-ID                : CVE-2008-3272

TKADV2008-004 — Kaspersky kl1.sys Kernel Stack Overflow
| Release Date          : 06-Jun-2008 
| Last Modified         : 12-Jun-2008 
| Patch development time: 78 days
| CVE-ID                : CVE-2008-1518

TKADV2008-003 — Sun Solaris SIOCSIPMSFILTER Kernel Integer Overflow
| Release Date          : 13-Jun-2008 
| Last Modified         : 20-Dec-2008 
| Patch development time: 298 days
| CVE-ID                : CVE-2008-2710

TKADV2008-002 — avast! 4.7 aavmker4.sys Kernel Memory Corruption
| Release Date          : 30-Mar-2008 
| Last Modified         : 20-Dec-2008 
| Patch development time: 13 days
| CVE-ID                : CVE-2008-1625

TKADV2008-001 — Panda Internet Security/Antivirus+Firewall 2008 
                cpoint.sys Kernel Driver Memory Corruption Vulnerability
| Release Date          : 08-Mar-2008
| Last Modified         : 20-Dec-2008 
| Patch development time: 60 days
| CVE-ID                : CVE-2008-1471

TKADV2007-001 — Mac OS X TIOCSETD IOCTL Kernel Memory Corruption 
                Vulnerability
| Release Date          : 15-Nov-2007 
| Last Modified         : 15-Nov-2007 
| Patch development time: 241 days
| CVE-ID                : CVE-2007-4686

TKADV2007-002 — Apple QuickTime STSD Heap Overflow Vulnerability
| Release Date          : 06-Nov-2007 
| Last Modified         : 06-Nov-2007 
| Patch development time: 175 days
| CVE-ID                : CVE-2007-3750

TKADV2007-003 — Mac OS X AppleTalk AIOCSETZNUSAGE IOCTL Kernel Stack 
                Buffer Overflow
| Release Date          : 01-Mar-2008 
| Last Modified         : 01-Mar-2008 
| Patch development time: 99 days
| CVE-ID                : CVE-2007-4267

TKADV2007-005 — Check Point VPN-1 SecuRemote/SecureClient fw.sys Kernel 
                Driver Memory Corruption Vulnerability
| Release Date          : 18-Nov-2007
| Last Modified         : 18-Nov-2007
| Patch development time: 37 days
| CVE-ID                : not assigned yet

TKADV2005-12-001 — Multiple SQL Injection vulnerabilities in MyBB
| Release Date          : 23-Dec-2005 
| Last Modified         : 23-Dec-2005 
| CVE-ID                : CVE-2005-4200

TKADV2005-11-004 — Multiple Cross Site Scripting vulnerabilities in 
                   phpMyFAQ
| Release Date          : 19-Nov-2005
| Last Modified         : 19-Nov-2005
| CVE-ID                : CVE-2005-3734

TKADV2005-11-002 — Multiple vulnerabilities in Mantis
| Release Date          : 23-Dec-2005
| Last Modified         : 23-Dec-2005
| CVE-IDs               : CVE-2005-4518, CVE-2005-4519, CVE-2005-4520, 
                          CVE-2005-4521, CVE-2005-4522, CVE-2005-4523, 
                          CVE-2005-4524

TKADV2005-11-001 — Multiple vulnerabilities in PHPlist
| Release Date          : 07-Nov-2005
| Last Modified         : 07-Nov-2005
| CVE-IDs               : CVE-2005-3555, CVE-2005-3556, CVE-2005-3557

TKADV2005-10-001 — Multiple Cross Site Scripting vulnerabilities in 
                   phpMyAdmin
| Release Date          : 22-Oct-2005
| Last Modified         : 28-Oct-2005
| CVE-ID                : CVE-2005-3301 


Patch Notifications


TKPN2005-12-001 — Multiple critical vulnerabilities in MyBB
| Release Date         : 09-Dec-2005
| Last Modified        : 09-Dec-2005
| Advisory Release Date: Advisory TKADV2005-12-001 already released on 
                         2005/12/23