We frequently report and fix security-critical vulnerabilities that we find as a byproduct of our research. Some of bugs that have an explictly assigned CVE or references are listed here:
| Date | Description | Ref. | Lead |
|---|---|---|---|
| 2020/07/15 | Use-after-free in WebKit DOM that may lead to arbitrary code execution (link) | CVE-2020-9895 | Wen Xu |
| 2020/05/26 | Incorrect JIT modeling in WebKit that leads to type confusion (link) | CVE-2020-9850 | Yonghwi Jin, Jungwon Lim, Insu Yun |
| 2020/05/26 | A logic issue that causes Safari to launch a malicious application (link) | CVE-2020-9801 | Yonghwi Jin, Jungwon Lim, Insu Yun |
| 2020/05/26 | Race condition bug in macOS that leads to elevation of privilege (link) | CVE-2020-9839 | Yonghwi Jin, Jungwon Lim, Insu Yun |
| 2020/05/26 | Memory corruption in macOS that ledas to elevation of privilege (link) | CVE-2020-9856 | Yonghwi Jin, Jungwon Lim, Insu Yun |
| 2020/05/26 | Memory corruption in WebKit DOM that may lead to arbitrary code execution (link) | CVE-2020-9803 | Wen Xu |
| 2020/05/26 | Memory corruption in WebKit DOM that may lead to arbitrary code execution (link) | CVE-2020-9806 | Wen Xu |
| 2020/05/26 | Memory corruption in WebKit DOM that may lead to arbitrary code execution (link) | CVE-2020-9807 | Wen Xu |
| 2020/02/04 | Type Confusion in JavaScript (link) | CVE-2020-6382 | Soyeon Park, Wen Xu |
| 2019/12/11 | Type Confusion in V8 (link) | CVE-2019-13730, CVE-2019-13764 | Soyeon Park, Wen Xu |
| 2019/12/10 | Memory corruption in macOS that leads arbitrary code execution with system privileges (link) | CVE-2019-8832 | Insu Yun |
| 2019/10/31 | Memory corrution in WebKit that leads to arbitrary code execution (link) | CVE-2019-8811, CVE-2019-8816 | Soyeon Park |
| 2019/10/07 | Memory corrution in WebKit that leads to arbitrary code execution (link) | CVE-2019-8720 | Wen Xu |
| 2019/08/21 | Memory corruption in Microsoft ChakraCore Scripting Engine (link) | CVE-2019-1300 | Soyeon Park |
| 2019/07/23 | Memory corrution in WebKit that leads to arbitrary code execution (link) | CVE-2019-8688 | Insu Yun |
| 2019/07/23 | Memory corrution in WebKit that leads to arbitrary code execution (link) | CVE-2019-8673, CVE-2019-8676 | Wen Xu, Soyeon Park |
| 2019/07/17 | Memory corruption in Microsoft ChakraCore Scripting Engine (link) | CVE-2019-1092 | Soyeon Park |
| 2019/06/13 | Scripting Engine Information Disclosure Vulnerability (link) | CVE-2019-1023 | Wen Xu, Soyeon Park |
| 2019/06/08 | Memory corruption in Microsoft ChakraCore Scripting Engine (link) | CVE-2019-0990 | Soyeon Park |
| 2019/05/13 | Memory corrution in WebKit that leads to arbitrary code execution (link) | CVE-2019-8596, CVE-2019-8609 | Wen Xu |
| 2019/05/13 | Memory corruption in WebKit that circumvents sandbox restrictions (link) | CVE-2019-8619, CVE-2019-8628 | Wen Xu, Hanqing Zhao |
| 2019/04/23 | Heap overflow in ANGLE on Windows (link) | CVE-2019-5817 | Wen Xu |
| 2019/04/23 | Integer overflow in ANGLE (link) | CVE-2019-5806 | Wen Xu |
| 2019/04/23 | Use-after-free in ANGLE on Windows (beta) (link) | Issue 943424 | Wen Xu |
| 2019/04/23 | Use-after-free in ANGLE (beta) (link) | Issue 943538 | Wen Xu |
| 2019/03/25 | Memory corruption in WebKit that circumvents sandbox restrictions (link) | CVE-2019-8562 | Wen Xu, Hanqing Zhao |
| 2019/02/12 | Memory corruption in Microsoft ChakraCore Scripting Engine (link) | CVE-2019-0609 | Soyeon Park, Wen Xu |
| 2019/02/03 | Use-After-Free in WebKit that may lead to arbitrary code execution (link) | CVE-2019-6212 | Wen Xu |
| 2018/07/27 | Linux HFS+ memory corruption (link) | CVE-2018-14617 | Wen Xu |
| 2018/07/27 | Linux F2FS memory corruptions (link, link, link) | CVE-2018-14614,14615,14616 | Wen Xu |
| 2018/07/27 | Linux Btrfs memory corruptions (link, link, link, link, link) | CVE-2018-14609,14610,14611,14612,14613 | Wen Xu, Po-Ning Tseng |
| 2018/07/16 | Linux ext4 memory corruptions (link, link, link, link, link) | CVE-2018-10879,10880,10881,10882,10883 | Wen Xu |
| 2018/07/16 | Linux ext4 memory corruptions (link, link, link, link) | CVE-2018-10840,10876,10877,10878 | Wen Xu |
| 2018/07/03 | Linux F2FS memory corruptions (link, link, link, link, link) | CVE-2018-13096,13097,13098,13099,13100 | Wen Xu |
| 2018/07/03 | Linux XFS memory corruption (link, link, link) | CVE-2018-13093,13094,13095 | Wen Xu |
| 2018/04/24 | Linux XFS memory corruptions (link, link) | CVE-2018-10322,10323 | Wen Xu |
| 2018/04/01 | Linux ext4 memory corruptions (link, link, link, link) | CVE-2018-1092,1093,1094,1095 | Wen Xu |
| 2017/11/30 | FFmpeg out-of-bound read in gmc_mmx (link) | CVE-2017-17081 | Insu Yun |
| 2017/11/30 | Binutils heap overflow in bfd_getl32 (link) | CVE-2017-17080 | Insu Yun |
| 2017/03/12 | Audiofile heap overflow in Expand3To4Module::run (link) | CVE-2017-6836 | Insu Yun |
| 2017/09/05 | FreeBSD netsmb double-fetch (link) | CVE-2017-15037 | Meng Xu |
| 2017/08/16 | Openjpeg 2.2.0 Heap Overflow (link) | CVE-2017-12878 | Insu Yun |
| 2017/05/10 | Dropbox Lepton 1.2.1 DoS (link) | CVE-2017-8891 | Insu Yun |
| 2016/12/13 | Windows Crypto Driver Information Disclosure Vulnerability (link) | CVE-2016-7219 (MS16-149) | Su Yong Kim, Sangho Lee, Byoungyoung Lee |
| 2016/06/09 | A heap overflow in zipimporter module (link) | CVE-2016-5636, IBB-Python #26171 | Insu Yun, Yeongjin Jang |
| 2016/06/04 | tipc: a kernel infoleak (leaking up to 60 bytes) in tipc_nl_compat_link_dump (link) | CVE-2016-5243 | Kangjie Lu |
| 2016/06/04 | rds: a kernel infoleak in rds_inc_info_copy (link) | CVE-2016-5244 | Kangjie Lu |
| 2016/05/31 | mac80211: stack object deauth_buf in net/mac80211/mlme.c is not initialized but leaked | AndroidID-28620568 | Kangjie Lu |
| 2016/05/31 | bcmdhd: many fields of stack object sinfo (drivers/net/wireless/bcmdhd/wl_cfg80211.c) are not initialized and the whole object is leaked. | AndroidID-28619338 | Kangjie Lu |
| 2016/05/31 | wireless: not all fields of stack object hdr (net/wireless/util.c) are initialized before it is leaked. | AndroidID-28620324 | Kangjie Lu |
| 2016/05/31 | netfilter: not all fields of stack object phw (net/netfilter/nfnetlink_queue_core.c) are initialized, which is however leaked via nla_put | AndroidID-28673002 | Kangjie Lu |
| 2016/05/31 | netfilter: not all fields of stack object phw (net/netfilter/nfnetlink_log.c) are initialized, which is however leaked via nla_put | AndroidID-28673002 | Kangjie Lu |
| 2016/05/31 | netfilter: one padding byte of pmsg (net/netfilter/nfnetlink_log.c) is not initialized but leaked via nla_put | AndroidID-28672819 | Kangjie Lu |
| 2016/05/31 | ipv6: some padding bytes of errhdr (net/ipv6/datagram.c) object are not initialized but leaked via put_cmsg | AndroidID-28672560 | Kangjie Lu |
| 2016/05/31 | media: some fields of u_ent (drivers/media/media-device.c) are not initialized but leaked via copy_to_user | AndroidID-28616963 | Kangjie Lu |
| 2016/05/31 | media: some fields of pad (drivers/media/media-device.c) are not initialized but leaked via copy_to_user | AndroidID-28616963 | Kangjie Lu |
| 2016/05/31 | media: some fields of link (drivers/media/media-device.c) are not initialized but leaked via copy_to_user | AndroidID-28616963 | Kangjie Lu |
| 2016/05/17 | Kernel driver vulnerability in Eset Smart Security (link) | N/A | Su Yong Kim, Sangho Lee, Byoungyoung Lee |
| 2016/05/10 | x25: Linux kernel information leak vulnerability in x25_negotiate_facilities (link, link) | CVE-2016-4569 | Kangjie Lu |
| 2016/05/10 | ASLA: Two Linux kernel information leak vulnerabilities in timer (link, link) | CVE-2016-4578 | Kangjie Lu |
| 2016/05/09 | ASLA: Linux kernel information leak vulnerability in timer (link) | CVE-2016-4569 | Kangjie Lu |
| 2016/05/04 | Linux kernel information leak vulnerabilityi(llc module) (link) | CVE-2016-4485 | Kangjie Lu |
| 2016/05/04 | Linux kernel information leak vulnerability(netlink module) (link) | CVE-2016-4486 | Kangjie Lu |
| 2016/05/04 | Linux kernel information leak vulnerability(USB module) (link) | CVE-2016-4482 | Kangjie Lu |
| 2016/02/09 | Windows Elevation of Privilege Vulnerability (link) | CVE-2016-0040 (MS16-014) | Su Yong Kim, Byoungyoung Lee |
| 2016/01/27 | An integer overflow bug in php_str_to_str_ex() led arbitrary code execution. (link) | Bug #71450, IBB-PHP #113122 | Yeongjin Jang, Insu Yun |
| 2016/01/27 | An integer overflow bug in php_implode() could lead heap overflow, make crashes (link) | Bug #71449, IBB-PHP #113120 | Yeongjin Jang, Insu Yun |
| 2016/01/24 | Integer overflow in wordwrap (link) | Pull request #1738, IBB-PHP #113268 | Insu Yun |
| 2015/11/10 | Windows NDIS Elevation of Privilege Vulnerability (independently reported) (link) | CVE-2015-6098 (MS15-117) | Su Yong Kim, Byoungyoung Lee |
| 2015/11/04 | Elevation of Privilege Vulnerability in Telephony (link) | CVE-2015-6614 | Hongil Kim, Dongkwan Kim, Minhee Kwon, Hyungseok Han, Yeongjin Jang |
| 2015/10/16 | Voice over LTE implementations contain multiple vulnerabilities (link) | VU#943167 | Hongil Kim, Dongkwan Kim, Minhee Kwon, Hyungseok Han, Yeongjin Jang |
| 2015/08/10 | Integer overflow in ui/cursor.c (link) | N/A | Sang Shin Jung, Byoungyoung Lee, Yeong Jang, Changwoo Min |
| 2014/12/02 | Bad casting from the BasicThebesLayer to BasicContainerLayer (link) | CVE-2014-1594 | Byoungyoung Lee, Chengyu Song |