Project Zero Bugs
@ProjectZeroBugs
Followers
35K
Following
0
Media
0
Statuses
2K
A bot that posts the latest blog posts and disclosures from Google's Project Zero
Joined February 2016
Double-fetch of root_size in fastrpc_pack_root_sharedpage leads to buffer overflow
0
6
20
MacOS Sandbox Escape via Double Free in coreaudiod/CoreAudio Framework
0
15
59
Linux >=6.13: io_uring: SQE/CQE UAF/OOB read in race between IORING_REGISTER_RESIZE_RINGS and io_uring_show_fdinfo
0
6
21
Webkit: Cross-site CSS rule and redirect URL disclosure
0
9
31
Samsung S24: Out of bounds write in VC1 Decoder (svc1d_rr_frm)
0
5
25
cvp: session id leaks kernel pointers due to cryptographically-insecure hashing
0
1
15
Breaking the Sound Barrier Part I: Fuzzing CoreAudio with Mach Messages
0
23
81
XNU VM_BEHAVIOR_ZERO_WIRED_PAGES behavior allows writing to read-only pages
1
22
117
Firefox: JavaScript can run during XSLTProcessor transform, leading to use-after-free
0
1
30
Firefox: inconsistent comparator in xslt/txNodeSorter leads to out-of-bounds access
0
3
28
Linux >=4.12: USB CDC-ACM: missing size check in acm_ctrl_irq() leads to OOB write
1
6
34
msm_npu: Race between npu_host_unload_network and npu_host_exec_network_v2 leads to memory corruption
0
3
16
libxslt: use-after-free due to xsltEvalXPathStringNs leaking xpathCtxt->node
0
3
19
libxslt: use-after-free in xsltParseStylesheetProcess
0
2
7