Choongwoo Han

Researcher fromMicrosoft Browser Vulnerability Research
#8605of 53,632
31.9Total CVSS
Vulnerabilities · 4
Medium
2
High
1
Critical
1
PT-2021-2167
9.6
2021-02-02
Google · Google Chrome · CVE-2021-21146
**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 88.0.4324.146 **Description** The issue is related to a use after free in the Navigation component of Google Chrome, which could allow a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. This could impact the confidentiality, integrity, and availability of protected information. **Recommendations** For versions prior to 88.0.4324.146, update to version 88.0.4324.146 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable Navigation components until a patch is applied.
PT-2018-17827
6.5
2018-02-13
Imagemagick · Imagemagick · CVE-2018-6930
**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.7-22 **Description** A stack-based buffer over-read in the ComputeResizeImage function in the MagickCore/accelerate.c file allows a remote attacker to cause a denial of service, resulting in an application crash, via a maliciously crafted pict file. **Recommendations** For ImageMagick version 7.0.7-22, consider updating to a newer version that contains a fix for this issue, as using a maliciously crafted pict file can cause the application to crash.
PT-2018-17536
6.5
2018-01-30
Imagemagick · Imagemagick · CVE-2018-6405
**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 7.0.7-23 **Description** The issue is related to a memory leak in the ReadDCMImage function. This function is located in coders/dcm.c. The memory leak occurs because the `redmap`, `greenmap`, and `bluemap` variables can be overwritten by new pointers, causing the previous pointers to be lost. This allows remote attackers to cause a denial of service. **Recommendations** For versions prior to 7.0.7-23, update to version 7.0.7-23 or later to resolve the issue.
PT-2016-1737
9.3
2016-04-13
Google · Google V8 · CVE-2016-1653
**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 50.0.2661.75 Opera (affected versions not specified) **Description** The issue is related to the LoadBuffer implementation in Google V8, which mishandles data types. This can be exploited by remote attackers using crafted JavaScript code, potentially leading to a denial of service or other unspecified impacts due to an out-of-bounds write operation. The issue is related to the files compiler/pipeline.cc and compiler/simplified-lowering.cc. **Recommendations** For Google Chrome versions prior to 50.0.2661.75, update to version 50.0.2661.75 or later to resolve the issue. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.