This page records the binary vulnerabilities I have found myself (very shallow stuff, experts please don't flame me).

2023

CVE-2023-34474 A heap-based buffer overflow issue in ImageMagick’s ReadTIM2ImageData() function in coders/tim2.c.
https://access.redhat.com/security/cve/CVE-2023-34474

CVE-2023-34475 A heap use after free issue in ImageMagick’s ReplaceXmpValue() function in MagickCore/profile.c.
https://access.redhat.com/security/cve/CVE-2023-34475

NVDB-CITIVD-2023381458 Out-of-bounds read vulnerability in the UOS image viewer deepin-image-viewer

NVDB-CITIVD-2023412815 Heap out-of-bounds write vulnerability in the UOS image viewer deepin-image-viewer

NVDB-CITIVD-2023375516 Floating-point exception vulnerability in the UOS image viewer deepin-image-viewer

2022

CVE-2022-28068 A heap buffer overflow in r_sleb128 function in radare2 5.4.2 and 5.4.0.
https://github.com/radareorg/radare2/commit/637f4bd1af6752e28e0a9998e954e2e9ce6fa992
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28068

CVE-2022-28069 A heap buffer overflow in vax_opfunction in radare2 5.4.2 and 5.4.0.
https://github.com/radareorg/radare2/commit/49b0cebfdf0db9704e36f8a5533f1df6d3e2ed3a
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28069

CVE-2022-28070 A null pointer dereference in __core_anal_fcn function in radare2 5.4.2 and 5.4.0.
https://github.com/radareorg/radare2/commit/4aff1bb00224de4f5bc118f987dfd5d2fe3450d0
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28070

CVE-2022-28071 A use after free in r_reg_get_name_idx function in radare2 5.4.2 and 5.4.0.
https://github.com/radareorg/radare2/commit/65448811e5b9582a19cf631e03cfcaa025a92ef5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28071

CVE-2022-28072 A heap buffer overflow in r_read_le32 function in radare2 5.4.2 and 5.4.0.
https://github.com/radareorg/radare2/commit/027cd9b7274988bb1af866539ba6c2fa2ff63e45
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28072

CVE-2022-28073 A use after free in r_reg_set_value function in radare2 5.4.2 and 5.4.0.
https://github.com/radareorg/radare2/commit/59a9dfb60acf8b5c0312061cffd9693fc9526053
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28073

2021

CVE-2021-34335 Denial of service due to FPE in Exiv2::Internal::resolveLens0xffff
https://github.com/Exiv2/exiv2/security/advisories/GHSA-pvjp-m4f6-q984

CVE-2021-37615 Null pointer dereference in Exiv2::Internal::resolveLens0x319
https://github.com/Exiv2/exiv2/security/advisories/GHSA-h9x9-4f77-336w

CVE-2021-37616 Null pointer dereference in Exiv2::Internal::resolveLens0x8ff
https://github.com/Exiv2/exiv2/security/advisories/GHSA-54f7-vvj7-545w

CVE-2021-37618 Out-of-bounds read in Exiv2::Jp2Image::printStructure
https://github.com/Exiv2/exiv2/security/advisories/GHSA-583f-w9pm-99r2

CVE-2021-29473 Out-of-bounds read in Exiv2::Jp2Image::doWriteMetadata
https://github.com/Exiv2/exiv2/security/advisories/GHSA-7569-phvm-vwc2

CVE-2021-29470 Out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header
https://github.com/Exiv2/exiv2/security/advisories/GHSA-8949-hhfh-j7rj

CVE-2021-42586 Heap-buffer-overflow in copy_bytes
https://nvd.nist.gov/vuln/detail/CVE-2021-42586
https://github.com/LibreDWG/libredwg/issues/350

CVE-2021-42585 Heap-buffer-overflow in copy_compressed_bytes
https://nvd.nist.gov/vuln/detail/CVE-2021-42585
https://github.com/LibreDWG/libredwg/issues/351

CVE-2021-28275 A Denial of Service vulnerability exists in jhead 3.04 and 3.05
https://github.com/Matthias-Wandel/jhead/issues/17
https://www.cve.org/CVERecord?id=CVE-2021-28275

CVE-2021-28276 A Denial of Service vulnerability exists in jhead 3.04 and 3.05
https://github.com/Matthias-Wandel/jhead/issues/17
https://www.cve.org/CVERecord?id=CVE-2021-28276

CVE-2021-28277 A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3.05
https://github.com/Matthias-Wandel/jhead/issues/16
https://www.cve.org/CVERecord?id=CVE-2021-28277

CVE-2021-28278 A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3.05
https://github.com/Matthias-Wandel/jhead/issues/15
https://www.cve.org/CVERecord?id=CVE-2021-28278

CNVD-2021-34780 Heap out-of-bounds read vulnerability in the flvmeta amf_object_get_name function

CNVD-2021-34779 Heap out-of-bounds read vulnerability in the flvmeta amf_string_new function

CNVD-2021-34778 Stack overflow vulnerability in the flvmeta check_flv_file function

CNVD-2021-08398 Heap out-of-bounds read vulnerability in the jhead process_DQT function

CNVD-2021-08397 Heap out-of-bounds read vulnerability in the jhead RemoveSectionType function

CNVD-2021-08396 Heap out-of-bounds read vulnerability in the jhead RemoveUnknownSections function

CVE-2020-24119 upx: heap buffer overflow read in p_lx_elf.cpp
https://github.com/upx/upx/issues/388

2020

CVE-2020-27796 upx: heap-based buffer over-read in invert_pt_dynamic function in p_lx_elf.cpp
CVE-2020-27797 upx: invalid memory address reference elf_lookup function in p_lx_elf.cpp
CVE-2020-27798 upx: invalid memory address reference in adjABS function in p_lx_elf.cpp
CVE-2020-27799 upx: heap-based buffer over-read in acc_ua_get_be32 function in miniacc.h
CVE-2020-27800 upx: heap-based buffer over-read in get_le32 function in bele.h
CVE-2020-27801 upx: heap-based buffer over-read in get_le64 function in bele.h (affected code: upx - upx4.0.0-git-8d1d605b3d8c+)
CVE-2020-27802 upx: floating point exception in elf_lookup function in p_lx_elf.cpp
CVE-2020-27818 pngcheck: global buffer overflow in check_chunk_name function
CVE-2020-35511 pngcheck: global buffer overflow in pngcheck function

CNVD-2020-58346 mkclean: use-after-free vulnerability in the EBML_MasterFindFirstElt function in libebml2 ebmlmaster.c
CNVD-2020-58377 mkclean: use-after-free vulnerability in the EBML_MasterUseChecksum function in libebml2 ebmlmaster.c
CNVD-2020-58376 mkclean: use-after-free vulnerability in the Node_Release function
CNVD-2020-58833 mkvalidator: heap out-of-bounds read vulnerability in the EBML_ReadCodedSizeValue function in libebml2 ebmlmain.c
CNVD-2020-58835 mkvalidator: use-after-free vulnerability in the EBML_CRCMatches function in libebml2 ebmlcrc.c
CNVD-2020-58834 mkvalidator: heap out-of-bounds read vulnerability in the EBML_CRCMatches function in libebml2 ebmlcrc.c
CNVD-2020-62736 lepton: heap out-of-bounds write vulnerability in the makeEncoder function
CNVD-2020-69471 pngcheck: global buffer out-of-bounds read vulnerability in the check_chunk_name function
CNVD-2020-69470 pngcheck: global buffer out-of-bounds read vulnerability in the print_buffer function

2017-2019

Local vulnerabilities

PDF readers

迷你PDF阅读器 (Mini PDF Reader, MINIPDF) v2.16.9.5: 1 use-after-free, 2 denial of service

极速PDF阅读器 (Jisu PDF Reader; present in both v2.2.6.1001 and v3.0.0.1006): 2 denial of service

Image viewers

人人极速相册 (Renren Jisu Photo Album) v2.7: 2 heap overflows, 2 denial of service, 1 double free

2345图片查看器 (2345 Image Viewer): 1 integer overflow vulnerability

IoT vulnerabilities

Routers

移动和路由器 (China Mobile "He" router): 5 XSS, one command injection (all 3 parameters are injectable), one stack overflow (all 3 parameters overflow)