CVE-2025-43254 - OOB-RW in macOS libmacho.dylib

Summary

CVE: CVE-2025-43254
Component: libmacho.dylib
Vulnerability Type: Out-of-bounds memory access
Vendor: Apple
Severity: Medium
Product: macOS
Affected Versions: Sonoma, Sequoia, Ventura
Fix Status: Fixed by vendor (Apple Security Update)
Credit: 2ourc3

Description

A security vulnerability has been identified in macOS’s libmacho.dylib. The bug allows an attacker to trigger an out-of-bounds memory access using a specially crafted Mach-O fat binary, potentially leading to information disclosure or remote code execution (depending on memory layout and exploitation constraints). ...

CVE-2024-6773 - Type confusion in V8 Turboshaft

Summary

CVE: CVE-2024-6773
Component: V8 Turboshaft (Load Elimination)
Vulnerability Type: Type confusion → memory corruption (stale pointer across GC)
Vendor: Google
Product: Chrome / V8 JavaScript Engine
Affected Versions: Chrome versions prior to M126
Fix Status: Fixed (V8 main + backports to M126 Stable / M127 Beta)
Severity: Chrome S1
Credit: Salim Largo (2ourc3)

Description

CVE-2024-6773 is a critical type confusion vulnerability in the V8 Turboshaft compiler pipeline, specifically within the Load Elimination optimization phase. ...

CVE-2024-11612 - Infinite loop DoS in 7-Zip CopyCoder

Summary

CVE: CVE-2024-11612
Component: 7-Zip (CopyCoder / stream processing)
Vulnerability Type: Infinite loop → Denial of Service (DoS)
Vendor: 7-Zip
Product: 7-Zip
Impact: Unbounded decompression loop / CPU hang
Discoverer / Credit: 2ourc3 (Salim Largo)
Disclosure: Reported via Zero Day Initiative (ZDI)
Advisory: ZDI-24-1606

Description

During a fuzzing campaign against 7-Zip, an input was discovered that causes the decompression process to run forever. When the crafted archive is opened, 7-Zip remains stuck in a “decompressing” state without terminating, resulting in a denial-of-service condition. ...

CVE-2024-53589 - Buffer overflow in GNU Objdump tekhex

Summary

CVE: CVE-2024-53589
Component: objdump / BFD tekhex parser
Vulnerability Type: Buffer overflow / out-of-bounds read
Vendor: GNU Project
Product: GNU Binutils
Affected Versions: 2.43 (and potentially earlier)
Fix Status: Fixed (commit e0323071916878e0634a6e24d8250e4faff67e88)
Credit: 2ourc3

Description

A vulnerability exists in GNU Binutils’ objdump utility when processing tekhex format files. The issue occurs inside the Binary File Descriptor (BFD) library’s tekhex parser during format identification. In the failing case, the parser attempts to read 8 bytes from an address that precedes the global variable _bfd_std_section, resulting in an out-of-bounds read. This invalid read is reachable with a crafted tekhex file and can be triggered simply by running objdump on the file. ...