Talos Intelligence advisories


Mostly complete archive of vulnerabilities I found while working at Talos.

TALOS ID Title Date CVE CVSS
TALOS-2023-1739 Foxit Reader Choice Field use-after-free vulnerability 2023-07-19 CVE-2023-28744 8.8
TALOS-2023-1756 Foxit Reader Field Calculate event use-after-free vulnerability 2023-07-19 CVE-2023-27379 8.8
TALOS-2023-1747 Microsoft Edge MSDCPDF Javascript addIcon type confusion vulnerability 2023-07-17 CVE-2023-36887 8.1
TALOS-2022-1659 Apple DCERPC presentation result list out of bounds memory access 2023-07-13 CVE-2023-23539 5.9
TALOS-2022-1660 Apple DCERPC packet stats buffer overflow vulnerability 2023-07-13 CVE-2023-23513 8.1
TALOS-2022-1675 Apple DCERPC allocation hint uninitialized memory disclosure vulnerability 2023-07-13 None 5.3
TALOS-2022-1676 Apple DCERPC association groups heap overflow 2023-07-13 CVE-2023-27935 7.5
TALOS-2022-1677 Apple DCERPC call request uninitialized memory heap overflow vulnerability 2023-07-13 CVE-2023-27934 7.5
TALOS-2022-1678 Apple DCERPC alter context response use-after-free vulnerability 2023-07-13 CVE-2023-28180 7.5
TALOS-2022-1679 Apple DCERPC zero length BIND packet infinite loop 2023-07-13 None 5.3
TALOS-2022-1688 Apple DCERPC array marshaling uninitialized memory disclosure vulnerability 2023-07-13 CVE-2023-27953 5.3
TALOS-2022-1689 Apple DCERPC fixed array use after free vulnerability 2023-07-13 CVE-2023-27958 7.5
TALOS-2023-1800 VMWare vCenter Server DCERPC presentation result list out of bounds memory access 2023-07-13 CVE-2023-20896 5.9
TALOS-2023-1801 VMware DCERPC call request uninitialized memory heap overflow vulnerability 2023-07-13 CVE-2023-20892 7.5
TALOS-2022-1650 Qt Project Qt QML QtScript Javascript spreading buffer overflow vulnerability 2023-01-12 CVE-2022-43591 8.8
TALOS-2022-1600 Foxit Reader deletePages Field Calculate use-after-free vulnerability 2022-11-10 CVE-2022-32774 8.8
TALOS-2022-1601 Foxit Reader annotation destroy use-after-free vulnerability 2022-11-10 CVE-2022-38097 8.8
TALOS-2022-1602 Foxit Reader openPlayer use-after-free vulnerability 2022-11-10 CVE-2022-37332 8.8
TALOS-2022-1614 Foxit Reader Optional Content Group use-after-free vulnerability 2022-11-10 CVE-2022-40129 8.8
TALOS-2022-1516 Adobe Acrobat Reader DC overlapping annotations type confusion vulnerability 2022-07-13 CVE-2022-34221 8.8
TALOS-2022-1525 Adobe Acrobat Reader DC event value use-after-free 2022-07-13 CVE-2022-34230 8.8
TALOS-2021-1429 Foxit Reader deletePages use-after-free vulnerability 2022-01-31 CVE-2021-40420 8.8
TALOS-2022-1439 Foxit Reader getPageNthWordQuads mishandled exception vulnerability 2022-01-31 CVE-2022-22150 8.8
TALOS-2021-1387 Adobe Acrobat Reader Javascript event.richValue use-after-free vulnerability 2022-01-11 CVE-2021-44710 8.8
TALOS-2021-1410 Adobe Acrobat Reader DC annotation gestures integer overflow vulnerability 2022-01-11 CVE-2021-44711 8.8
TALOS-2021-1294 Foxit Reader removeField use-after-free vulnerability 2021-07-27 CVE-2021-21831 8.8
TALOS-2021-1307 Foxit Reader FileAttachment annotation use-after-free vulnerability redux 2021-07-27 CVE-2021-21870 8.8
TALOS-2021-1336 Foxit Reader Field OnFocus event use-after-free vulnerability 2021-07-27 CVE-2021-21893 8.8
TALOS-2021-1246 Apple macOS SMB server TREE_CONNECT stack buffer overflow vulnerability 2021-06-02 CVE-2020-10005 8.5
TALOS-2021-1258 Apple macOS SMB server IOCTL request uninitialized stack variable vulnerability 2021-06-02 CVE-2021-30712 4.2
TALOS-2021-1260 Apple macOS SMB server directory query request integer overflow vulnerability 2021-06-02 CVE-2021-30717 7.5
TALOS-2021-1263 Apple macOS SMB server lock request infinite loop 2021-06-02 CVE-2021-30716 6.5
TALOS-2021-1268 Apple macOS SMB server create file request uninitialized memory disclosure 2021-06-02 CVE-2021-30722 6.5
TALOS-2021-1269 Apple macOS SMB server directory query arbitrary file access 2021-06-02 CVE-2021-30721 4.3
TALOS-2021-1237 Apple macOS SMB server signature verification information disclosure vulnerability 2021-05-19 CVE-2021-1878 7.1
TALOS-2021-1233 Adobe Acrobat Reader DC JavaScript search query code execution vulnerability 2021-05-11 CVE-2021-28562 8.0
TALOS-2021-1287 Foxit Reader FileAttachment annotation use-after-free vulnerability 2021-05-06 CVE-2021-21822 8.8
TALOS-2020-1165 Foxit Reader JavaScript media openPlayer type confusion vulnerability 2020-12-09 CVE-2020-13547 8.8
TALOS-2020-1166 Foxit Reader Javascript Field fileSelect Use After Free Vulnerability 2020-12-09 CVE-2020-13548 8.0
TALOS-2020-1171 Foxit Reader JavaScript choice field use-after-free vulnerability 2020-12-09 CVE-2020-13557 8.8
TALOS-2020-1175 Foxit Reader JavaScript choice field format event use-after-free vulnerability 2020-12-09 CVE-2020-13560 8.8
TALOS-2020-1181 Foxit Reader JavaScript remove template use-after-free vulnerability 2020-12-09 CVE-2020-13570 7.5
TALOS-2020-1094 Pixar OpenUSD binary file format compressed sections code execution vulnerabilities 2020-11-12 CVE-2020-6147, CVE-2020-6148, CVE-2020-6149, CVE-2020-6150, CVE-2020-6156, CVE-2020-13493 8.8
TALOS-2020-1101 Pixar OpenUSD Binary File Format Compressed Value Reps Code Execution Vulnerabilities 2020-11-12 CVE-2020-6155 8.8
TALOS-2020-1103 Pixar OpenUSD Binary File Format Token Strings Information Leak Vulnerability 2020-11-12 CVE-2020-13494 4.3
TALOS-2020-1104 Pixar OpenUSD binary file format offset seek information leak vulnerability 2020-11-12 CVE-2020-9973 4.3
TALOS-2020-1105 Pixar OpenUSD binary file format index type values information leak vulnerability 2020-11-12 CVE-2020-13498,CVE-2020-13496,CVE-2020-13497 4.3
TALOS-2020-1120 Pixar OpenUSD Binary File Format Decompressed Path Rebuilding Memory corruption 2020-11-12 CVE-2020-13520 8.8
TALOS-2020-1125 Pixar OpenUSD binary file format specs memory corruption 2020-11-12 CVE-2020-13524 6.3
TALOS-2020-1145 Pixar OpenUSD SDF layer path remote code execution 2020-11-12 CVE-2020-13531 8.8
TALOS-2020-1156 Adobe Acrobat Reader DC form field format use after free 2020-11-05 CVE-2020-24437 8.8
TALOS-2020-1157 Adobe Acrobat Reader DC JavaScript submitForm heap buffer overflow redux 2020-11-05 CVE-2020-24435 8.8
TALOS-2020-1092 Google Chrome PDFium Javascript Active Document Memory Corruption Vulnerability 2020-09-14 CVE-2020-6513 6.3
TALOS-2020-1044 Google Chrome PDFium Javascript Regexp Memory Corruption Vulnerability 2020-07-02 CVE-2020-6458 8.8
TALOS-2020-1044 Google Chrome PDFium Javascript Regexp Memory Corruption Vulnerability 2020-07-02 CVE-2020-6458 8.8
TALOS-2020-1055 Zoom client application chat Giphy arbitrary file write 2020-06-03 CVE-2020-6109 8.5
TALOS-2020-1056 Zoom Client Application Chat Code Snippet Remote Code Execution Vulnerability 2020-06-03 CVE-2020-6110 8.0
TALOS-2020-0997 Nitro PRO PDF nested pages remote code execution vulnerability 2020-05-18 CVE-2020-6074 8.8
TALOS-2020-1013 Nitro Pro PDF Pattern Object Code Execution Vulnerability 2020-05-18 CVE-2020-6092 8.8
TALOS-2020-1014 Nitro Pro PDF Javascript XML error handling Information Disclosure Vulnerability 2020-05-18 CVE-2020-6093 6.5
TALOS-2020-1028 Adobe Acrobat Reader DC Annotation Destroy Remote Code Execution 2020-05-12 CVE-2020-9607 8.8
TALOS-2020-1028 Adobe Acrobat Reader DC Annotation Destroy Remote Code Execution 2020-05-12 CVE-2020-9607 8.8
TALOS-2020-1031 Adobe Acrobat Reader DC Javascript submitForm Remote Code Execution Vulnerability 2020-05-12 CVE-2020-9609 8.8
TALOS-2020-1052 Zoom Communications Registered Users Enumeration 2020-04-21 -- 6.5
TALOS-2020-0985 CoTURN HTTP Server POST-parsing denial-of-service vulnerability 2020-02-18 CVE-2020-6062 5.9
TALOS-2020-0984 CoTURN HTTP Server POST-parsing information leak vulnerability 2020-02-18 CVE-2020-6061 7.0
TALOS-2019-0959 Adobe Acrobat Reader DC Javascript Field Name Information Leak 2020-02-11 CVE-2020-3744 6.8
TALOS-2020-0975 Mini-SNMPD decode_cnt information leak vulnerability 2020-02-03 CVE-2020-6058 8.2
TALOS-2020-0976 Mini-SNMPD decode_int Information Leak Vulnerability 2020-02-03 CVE-2020-6059 8.2
TALOS-2019-0935 Foxit PDF Reader Javascript createTemplate Invalid Page Code Execution Vulnerability 2020-01-16 CVE-2019-5130 8.0
TALOS-2019-0920 Foxit PDF Reader JavaScript field action OnBlur remote code execution vulnerability 2020-01-16 CVE-2019-5131 8.8
TALOS-2019-0915 Foxit PDF Reader Javascript Field Action Validate Remote Code Execution Vulnerability 2020-01-16 CVE-2019-5126 8.8
TALOS-2019-0934 Foxit PDF Reader JavaScript field keystroke action remote code execution vulnerability 2020-01-16 CVE-2019-5145 8.8
TALOS-2019-0947 Adobe Acrobat Reader DC Javascript gotoNamedDest information leak vulnerability 2019-12-10 CVE-2019-16463 6.8
TALOS-2019-0860 Adobe Acrobat Reader DC text field value remote code execution vulnerability redux 2019-10-15 CVE-2019-8183 8.8
TALOS-2019-0817 NitroPDF ICCBased Color Space Remote Code Execution Vulnerability 2019-10-09 CVE-2019-5048 8.8
TALOS-2019-0814 NitroPDF jpeg2000 ssizDepth Remote Code Execution Vulnerability 2019-10-09 CVE-2019-5045 8.8
TALOS-2019-0815 NitroPDF jpeg2000 yTsiz Remote Code Execution Vulnerability 2019-10-09 CVE-2019-5046 8.8
TALOS-2019-0819 NitroPDF Page Kids Remote Code Execution Vulnerability 2019-10-09 CVE-2019-5050 8.8
TALOS-2019-0793 Foxit PDF Reader JavaScript Array.includes remote code execution vulnerability 2019-09-30 CVE-2019-5031 8.8
TALOS-2019-0855 Aspose.PDF for C++ LZWDecode filter predictor remote code execution vulnerability 2019-09-17 CVE-2019-5066 9.8
TALOS-2019-0856 Aspose.PDF for C++ parent generation remote code execution vulnerability 2019-09-17 CVE-2019-5067 9.8
TALOS-2019-0791 Google V8 Array.prototype Memory Corruption Vulnerability 2019-07-01 CVE-2019-5831 7.5
TALOS-2019-0796 Adobe Acrobat Reader DC app.thermometer Remote Code Execution Vulnerability 2019-05-14 CVE-2019-7831 8.0
TALOS-2019-0778 Adobe Acrobat Reader DC OCGs state change remote code execution vulnerability 2019-05-14 CVE-2019-7761 8.8
TALOS-2019-0774 Adobe Acrobat Reader DC text field value remote code execution vulnerability — redux 2019-04-09 CVE-2019-7125 8.8
TALOS-2018-0714 Adobe Acrobat Reader DC text field “comb” property remote code execution vulnerability 2019-02-12 CVE-2019-7039 8.8
TALOS-2018-0626 Foxit PDF Reader XFA xdpContent information leak vulnerability 2019-01-03 CVE-2018-3956 6.8
TALOS-2018-0704 Adobe Acrobat Reader DC Text Field Value Remote Code Execution Vulnerability 2018-12-11 CVE-2018-19716 8.8
TALOS-2018-0639 Google PDFium JBIG2 image ComposeToOpt2WithRect information disclosure vulnerability 2018-10-03 CVE-2018-16076 5.9
TALOS-2018-0623 Adobe Acrobat Reader DC collab review server remote code execution vulnerability 2018-10-02 CVE-2018-12852 6.8
TALOS-2018-0664 Foxit PDF Reader JavaScript field object isDefaultChecked remote code execution vulnerability 2018-10-01 CVE-2018-3996 8.0
TALOS-2018-0665 Foxit PDF Reader JavaScript field object signatureGetSeedValue remote code execution vulnerability 2018-10-01 CVE-2018-3997 8.0
TALOS-2018-0663 Foxit PDF Reader JavaScript Field object signatureInfo remote code execution vulnerability 2018-10-01 CVE-2018-3995 8.0
TALOS-2018-0608 Foxit PDF Reader JavaScript getNthFieldName remote code execution vulnerability 2018-10-01 CVE-2018-3941 8.0
TALOS-2018-0610 Foxit PDF Reader JavaScript getPageBox remote code execution vulnerability 2018-10-01 CVE-2018-3943 8.0
TALOS-2018-0613 Foxit PDF Reader JavaScript getPageNthWord remote code execution vulnerability 2018-10-01 CVE-2018-3946 8.0
TALOS-2018-0629 Foxit PDF Reader JavaScript getPageNumWords remote code execution vulnerability 2018-10-01 CVE-2018-3964 8.0
TALOS-2018-0609 Foxit PDF Reader JavaScript getPageRotation remote code execution vulnerability 2018-10-01 CVE-2018-3942 8.0
TALOS-2018-0662 Foxit PDF Reader Javascript importDataObject Remote Code Execution Vulnerability 2018-10-01 CVE-2018-3994 8.0
TALOS-2018-0612 Foxit PDF Reader Javascript JSON.Stringify this.info Remote Code Execution Vulnerability 2018-10-01 CVE-2018-3945 8.0
TALOS-2018-0611 Foxit PDF Reader JavaScript JSON.Stringify this remote code execution vulnerability 2018-10-01 CVE-2018-3944 8.0
TALOS-2018-0661 Foxit PDF Reader Javascript Optional Content Group Remote Code Execution Vulnerability 2018-10-01 CVE-2018-3993 8.0
TALOS-2018-0660 Foxit PDF Reader JavaScript page change remote code execution vulnerability 2018-10-01 CVE-2018-3992 8.0
TALOS-2018-0607 Foxit PDF Reader Javascript removeDataObject Remote Code Execution Vulnerability 2018-10-01 CVE-2018-3940 8.0
TALOS-2018-0630 Foxit PDF Reader JavaScript this.bookmarkRoot.children remote code execution vulnerability 2018-10-01 CVE-2018-3965 8.0
TALOS-2018-0631 Foxit PDF Reader JavaScript this.dataObjects remote code execution vulnerability 2018-10-01 CVE-2018-3966 8.0
TALOS-2018-0632 Foxit PDF Reader JavaScript this.event.target Remote Code Execution Vulnerability 2018-10-01 CVE-2018-3967 8.0
TALOS-2018-0628 Foxit PDF Reader JavaScript this.info multiple remote code execution vulnerabilities 2018-10-01 CVE-2018-3957, CVE-2018-3958, CVE-2018-3959, CVE-2018-3960, CVE-2018-3961, CVE-2018-3962 8.0
TALOS-2018-0606 Foxit PDF Reader Javascript createTemplate nPage Remote Code Execution Vulnerability 2018-07-19 CVE-2018-3939 8.0
TALOS-2018-0588 Foxit PDF Reader Javascript MailForm Remote Code Execution Vulnerability 2018-07-19 CVE-2018-3924 8.8
TALOS-2018-0569 Adobe Acrobat Reader DC Collab.drivers Remote Code Execution Vulnerability 2018-07-10 CVE-2018-12812 6.8
TALOS-2018-0590 Adobe Acrobat Reader DC Collab newWrStreamToCosObj Remote Code Execution Vulnerability 2018-07-10 CVE-2018-12756 6.8
TALOS-2018-0592 Adobe Acrobat Reader DC JSON Stringify Remote Code Execution Vulnerability 2018-07-10 CVE-2018-12815 6.8
TALOS-2018-0518 Adobe Acrobat Reader DC ANFancyAlertImpl Remote Code Execution Vulnerability 2018-05-15 CVE-2018-4947 6.8
TALOS-2018-0517 Adobe Acrobat Reader DC Net.Discovery.queryServices Remote Code Execution Vulnerability 2018-05-15 CVE-2018-4996 7.1
TALOS-2018-0526 Foxit PDF Reader AssociatedFile Annotation Type Confusion 2018-04-19 CVE-2018-3843 6.5
TALOS-2018-0536 Foxit PDF Reader JavaScript createTemplate Remote Code Execution Vulnerability 2018-04-19 CVE-2018-3853 8.8
TALOS-2017-0506 Foxit PDF Reader Javascript Search Query Remote Code Execution Vulnerability 2018-04-19 CVE-2017-14458 8.8
TALOS-2018-0525 Foxit PDF Reader JavaScript setPersistent Remote Code Execution Vulnerability 2018-04-19 CVE-2018-3842 8.8
TALOS-2018-0532 Foxit PDF Reader JavaScript XFA Clone Remote Code Execution Vulnerability 2018-04-19 CVE-2018-3850 8.8
TALOS-2017-0510 Dovecot IMAP Server rfc822_parse_domain Information Leak Vulnerability 2018-03-01 CVE-2017-14461 5.9
TALOS-2017-0505 Adobe Acrobat Reader DC Document ID Remote Code Execution Vulnerability 2018-02-23 CVE-2018-4901 8.8
TALOS-2017-0356 Adobe Acrobat Reader DC PDF Structured Hierarchy ActualText Structure Element Remote Code Execution Vulnerability 2017-11-14 CVE-2017-16367 8.8
TALOS-2017-0416 Cesanta Mongoose DNS Query Compressed Name Pointer Denial Of Service 2017-10-31 CVE-2017-2909 7.5
TALOS-2017-0398 Cesanta Mongoose HTTP Server CGI Remote Code Execcution Vulnerability 2017-10-31 CVE-2017-2891 9.8
TALOS-2017-0399 Cesanta Mongoose MQTT Payload Length Remote Code Execution 2017-10-31 CVE-2017-2892 6.8
TALOS-2017-0400 Cesanta Mongoose MQTT SUBSCRIBE Command Denial Of Service 2017-10-31 CVE-2017-2893 6.8
TALOS-2017-0402 Cesanta Mongoose MQTT SUBSCRIBE Topic Length Information Leak 2017-10-31 CVE-2017-2895 8.2
TALOS-2017-0401 Cesanta Mongoose MQTT SUBSCRIBE Multiple Topics Remote Code Execution 2017-10-31 CVE-2017-2894 9.8
TALOS-2017-0429 Cesanta Mongoose Websocket Protocol Fragmented Packet Code Execution Vulnerability 2017-10-31 CVE-2017-2922 9.8
TALOS-2017-0428 Cesanta Mongoose Websocket Protocol Packet Length Code Execution Vulnerability 2017-10-31 CVE-2017-2921 8.1
TALOS-2017-0432 Google PDFium TIFF Image Flate Decoder Code Execution Vulnerability 2017-10-19 CVE-2017-5133 7.5
TALOS-2017-0392 GNOME libsoup HTTP Chunked Encoding Remote Code Execution Vulnerability 2017-08-10 CVE-2017-2885 9.8
TALOS-2017-0361 Adobe Acrobat Reader DC AcroForm PDFDocEncoding Remote Code Execution Vulnerability 2017-08-08 CVE-2017-11263 8.8
TALOS-2017-0321 Poppler PDF library JPEG 2000 levels Code Execution Vulnerability 2017-07-07 CVE-2017-2820 8.8
TALOS-2017-0278 InsideSecure MatrixSSL x509 certificate General Names Information Disclosure Vulnerability 2017-06-22 CVE-2017-2782 6.5
TALOS-2017-0277 InsideSecure MatrixSSL x509 certificate IssuerDomainPolicy Remote Code Execution Vulnerability 2017-06-22 CVE-2017-2781 8.1
TALOS-2017-0276 InsideSecure MatrixSSL x509 certificate SubjectDomainPolicy Remote Code Execution Vulnerability 2017-06-22 CVE-2017-2780 8.1
TALOS-2016-0242 MuPDF Fitz library font glyph scaling Code Execution Vulnerability 2017-05-15 CVE-2016-8728 8.6
TALOS-2017-0293 WolfSSL library X509 Certificate Text Parsing Code Execution Vulnerability 2017-05-04 CVE-2017-2800 8.1
TALOS-2017-0294 Randombit Botan Library X509 Certificate Validation Bypass Vulnerability 2017-04-28 CVE-2017-2801 6.5
TALOS-2017-0310 IrfanView JPEG 2000 Reference Tile Width Arbitrary Code Execution Vulnerability 2017-04-26 CVE-2017-2813 8.8
TALOS-2017-0274 ARM Mbedtls x509 ECDSA invalid public key Remote Code Execution Vulnerability 2017-04-19 CVE-2017-2784 8.1
TALOS-2017-0296 Apple OS X and iOS x509 certificate parsing Name Constraints Remote Code Execution Vulnerability 2017-03-09 CVE-2017-2485 8.8
TALOS-2016-0259 Adobe Acrobat Reader DC jpeg decoder Remote Code Execution Vulnerability 2017-01-20 CVE-2017-2971 8.8
TALOS-2016-0219 Memcached Server Append/Prepend Remote Code Execution Vulnerability 2016-10-31 CVE-2016-8704 9.8
TALOS-2016-0221 Memcached Server SASL Autentication Remote Code Execution Vulnerability 2016-10-31 CVE-2016-8706 8.1
TALOS-2016-0220 Memcached Server Update Remote Code Execution Vulnerability 2016-10-31 CVE-2016-8705 9.8
TALOS-2016-0201 Foxit PDF Reader JBIG2 Parser Information Disclosure Vulnerability 2016-10-18 CVE-2016-8334 6.8
TALOS-2016-0193 OpenJPEG JPEG2000 mcc record Code Execution Vulnerability 2016-09-29 CVE-2016-8332 7.5
TALOS-2016-0193 OpenJPEG JPEG2000 mcc record Code Execution Vulnerability 2016-09-29 CVE-2016-8332 7.5
TALOS-2016-0170 Microsoft Windows PDF API Jpeg2000 csiz Remote Code Execution Vulnerability 2016-08-09 CVE-2016-3319 7.5
TALOS-2016-0126 The Document Foundation LibreOffice RTF Stylesheet Code Execution Vulnerability 2016-06-27 CVE-2016-4324 6.3
TALOS-2016-0174 Google Chrome PDFium jpeg2000 SIZ Code Execution Vulnerability 2016-06-08 CVE-2016-1681 6.3
TALOS-2015-0035 MiniUPnP Internet Gateway Device Protocol XML Parser Buffer Overflow 2015-09-15 CVE-2015-6031 --