CVEs

A few CVEs I’ve been credited with over the years, grouped by product.

Apple Safari

Eight memory-corruption CVEs from my 2026 Safari research, across Safari 26.5 (May 2026) and 26.5.2 (Jun 2026) — in WebKit, WebRTC, and Web Extensions. How they were found, and where the automation hands back to me, is in Finding memory bugs in Apple’s WebKit.

CVE Component Class Release
CVE-2026-28947 WebKit Use-after-free 26.5
CVE-2026-28946 WebKit Use-after-free 26.5
CVE-2026-28944 WebRTC Heap-buffer-overflow 26.5
CVE-2026-43704 Web Extensions Use-after-free 26.5.2
CVE-2026-43731 WebKit Use-after-free 26.5.2
CVE-2026-43705 WebKit Type confusion 26.5.2
CVE-2026-43676 WebKit OOB access 26.5.2
CVE-2026-43746 WebRTC Use-after-free 26.5.2

Adobe InCopy

  • CVE-2021-21010 — Uncontrolled search path element (CWE-427) that runs arbitrary code as the current user when a victim opens a malicious file. InCopy ≤ 15.1.1 on Windows · CVSS 7.0 (High).

GPAC / MP4Box

  • CVE-2020-24829 — Heap buffer overflow (CWE-787) in gf_m2ts_section_complete (media_tools/mpegts.c); a crafted MP4 crashes MP4Box. GPAC 0.5.2–0.8.0 · CVSS 5.5 (Medium).
  • CVE-2020-22352 — NULL-pointer dereference (CWE-476) in gf_dash_segmenter_probe_input; a crafted file to MP4Box triggers a DoS. GPAC 0.8 · CVSS 5.5 (Medium).