Out-of-Bounds Memory Access in macOS libmacho.dylib Overview A security vulnerability has been identified in macOS’s libmacho.dylib library. The bug allows an attacker to cause an out-of-bounds memory access through a specially crafted Mach-O fat binary… Read More »RESEARCH – 2025-43254
I’ve discovered a crash in libsndfile’s IRCAM file format parser. The issue manifests as an illegal instruction (SIGILL) when processing a specially crafted file.Bug details When processing the attached malformed IRCAM file, libsndfile crashes with… Read More »RESEARCH – CVE-2025-52194- LIBSNDFILE
V8 Turboshaft Load Elimination Type Confusion Vulnerability (CVE-2024-6773)Exploitable Memory Corruption via Garbage Collection Race Condition Executive Summary A critical type confusion vulnerability (CVE-2024-6773) was discovered in V8’s Turboshaft compiler optimization pipeline. The flaw allowed stale… Read More »RESEARCH – CVE-2024-6773 – Type confusion in v8
Buffer Overflow in GNU Binutils objdump tekhex Parser Description A buffer overflow vulnerability exists in GNU Binutils’ objdump utility when processing tekhex format files. The vulnerability occurs in the Binary File Descriptor (BFD) library’s tekhex… Read More »RESEARCH – OBJDUMP -CVE-2024-53589
Last summer I decided to look into fuzzing 7zip. I gathered an interesting corpus of archive file with all 7z supported formats and started a fuzzing campaign with AFL++. After a few days of running,… Read More »RESEARCH – 7zip – CVE-2024-11612