Trophies

0-day bugs Confirmed & Fixed:

• Oniguruma (6 CVEs)
• Espruino (9 CVEs)
• radare2 (49 bugs, 3 CVEs)
• ffmpeg (3 bugs, 2 CVEs, one is found separately by others)
• ImageMagick (2 bugs, 1 CVEs)
• libjpeg-turbo (1 CVE)
• MJS (21 bugs)
• Intel XED (2 bugs)
• libmobi (4 bugs)
• liblnk (36 bugs)
• libpff (7 bugs)
• libvips (14 bugs, partially fixed)
• mujs (2 bugs)

Others:

• GNU bc (18 bugs, will be fixed in next release)
• lepton (3 bugs, several unexpected hangs, not fixed)
• mozjpeg (1 category of bugs, not fixed)
• libsass (10 bugs, 2 fixed)
• GPAC (18 bugs, 15 have been fixed)
• apcalc (11 bugs, will be fixed in next release)
• GNU diffutils (2 bugs, will be fixed in next release)
• FLIF (3 bugs, not fixed)
• libtoml (3 bugs, not fixed)
• jsmn (1 bug, not fixed)

Details omitted for anonymity. Since these vulnerabilities are found very recently, we haven't had time to request CVEs.