Changes

1,124 bytes added ,  19:53, 25 September 2015
Line 83: Line 83:  
| [[10.1.0-27|10.1.0-X]]
 
| [[10.1.0-27|10.1.0-X]]
 
| May 14, 2015
 
| May 14, 2015
 +
| [[User:Yellows8|Yellows8]]
 +
|-
 +
| [[Home Menu]] theme-data decompression buffer overflow ([[themehax]])
 +
| The only size parameter used by the theme decompression function is one for the compressed size. There is zero checks / code using the decompressed-size. The code calling this function does not check or even use the decompressed size from the header either.
 +
 +
This function is separate from the rest of the Home Menu code: the function used for decompressing themes is *only* used for decompressing themes, nothing else. There's a separate decompression function in Home Menu used for decompressing everything else.
 +
 +
That other decompression function in Home Menu handles decompression size properly(decompressed size check for max buffer size is done by code calling the other function, not in the function itself). Unlike the other function, the theme function supports multiple LZ algorithms, but the one which actually gets used in official themes is the same one supported by the other function anyway.
 +
 +
See also [[themehax|here]].
 +
| None
 +
| [[10.1.0-27|10.1.0-X]]
 +
| December 22, 2014
 
| [[User:Yellows8|Yellows8]]
 
| [[User:Yellows8|Yellows8]]
 
|-
 
|-
 
| Webkit bugs
 
| Webkit bugs
| spider has had at least three different code-execution exploits. Majority of them are use-after-free issues.
+
| spider has had at least three different code-execution exploits. Majority of them are use-after-free issues. See also [[browserhax|here]].
 
|
 
|
 
|
 
|
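Review bot: The added themehax description cell has wording problems that should be fixed before this lands: "There is zero checks / code using the decompressed-size" should read along the lines of "There are no checks on, and no code using, the decompressed size", and "properly(decompressed size check" is missing a space before the parenthesis. Both added "See also" sentences use "here" as the link text ([[themehax|here]], [[browserhax|here]]), which tells the reader nothing about the target; label them by page name instead, e.g. "See also [[browserhax]]". The themehax one also repeats the link already present in the row's title cell, so it could simply be dropped. The description says the theme function "supports multiple LZ algorithms" and that official themes use "the same one supported by the other function" without naming it; naming that algorithm in the cell would make the entry self-contained.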
