Trophies
0-day bugs Confirmed & Fixed:
- Oniguruma (6 CVEs)
- Espruino (9 CVEs)
- radare2 (49 bugs, 3 CVEs)
- ffmpeg (3 bugs, 2 CVEs, one is found separately by others)
- ImageMagick (2 bugs, 1 CVEs)
- libjpeg-turbo (1 CVE)
- MJS (21 bugs)
- Intel XED (2 bugs)
- libmobi (4 bugs)
- liblnk (36 bugs)
- libpff (7 bugs)
- libvips (14 bugs, partially fixed)
- mujs (2 bugs)
Others:
- GNU bc (18 bugs, will be fixed in next release)
- lepton (3 bugs, several unexpected hangs, not fixed)
- mozjpeg (1 category of bugs, not fixed)
- libsass (10 bugs, 2 fixed)
- GPAC (18 bugs, 15 have been fixed)
- apcalc (11 bugs, will be fixed in next release)
- GNU diffutils (2 bugs, will be fixed in next release)
- FLIF (3 bugs, not fixed)
- libtoml (3 bugs, not fixed)
- jsmn (1 bug, not fixed)
Details omitted for anonymity. Since these vulnerabilities are found very recently, we haven't had time to request CVEs.