A quick note

Over the course of the last decade or so, I discovered and reported dozens of security bugs in popular software packages. By necessity, the list below contains just a subset of those; multiple security reports had never gotten a CVE number assigned to them for various reasons.
I generally focus on low-level application security, and that covers projects like: the Linux kernel, various input parsing libraries (images, PDF, media, etc.), web browsers, system services, Internet network services and similar.

The most frequent tool I use to discover software flaws is Honggfuzz, which you can read more about in the Software section of this site.


In 2016 I was nominated for a Pwnie Award for publishing a flaw in the AMD CPUs. The flaw enabled unprivileged users of a VM to execute code at the host's CPU ring0. The Register published a short article on how the bug was discovered.

Again, in 2017 I was nominated for the same Pwnie Award for finding a vulnerability on the OpenSSL suite (pre-auth) which potentially allowed to achieve remote code execution rights on a vulnerable system.

  • Memory OOB read (remote DoS) in OpenSSLCVE-2017-3731
  • Memory OOB read (remote DoS) in OpenSSLCVE-2016-7054
  • Memory Use-after-Free (potential remote RCE) in OpenSSLCVE-2016-6309
  • Pre-auth crash (privsep) in OpenSSHGit commit
  • AMD CPUs microcode privilege escalation (guest VM to host ring0) • The RegisterDebian
  • Avast for Linux  heap corruption • TYA-410-45475
  • Memory OOB read (remote DoS) in OpenSSL CVE-2015-1789  • OpenSSL sec-adv
  • Adobe Flash memory corruption - CVE-2015-0316 • MITRE
  • Multiple cases of remote code execution problems in IDA Pro - HexRays
  • Linux kernel local privilege escalation, plus an Oops - CVE-2014-7826 • CVE-2014-7825
  • Multiple flaws in the Linux kernel - CVE-2011-2184 • CVE-2011-1593 • CVE-2011-2496
  • Multiple bugs in the Freetype library – CVE-2010-2497 • CVE-2010-2498 • CVE-2010-2499 • CVE-2010-2500 • CVE-2010-2519 • CVE-2010-2520 • CVE-2010-2527
  • Universal XSS in Apple Safari 3.1 for Windows and MacOS X – CVE-2008-1025 • Apple's advisory
  • Universal XSS in Apple Safari 3.0.4 for Windows and MacOS X –  CVE-2008-1002 •  Apple's advisory
  • Linux kernel local privilege escalation exploit, making use of the bug discovered by Wojciech Purczynski – Bugtraq
  • Konqueror 3.5 address bar spoofing – FrSIRT • CVE-2007-4224 • CVE-2007-4225 • BugtraqBugtraqSecunia
  • Opera 9 data: URI address bar spoofing – CVE-2007-3819 • Opera
  • Konqueror 3.5 "data:" URI address bar spoofing – CVE-2007-3820
  • Apple Safari 3.0.2 beta for Windows IDN spoofing – Bugtraq
  • Apple Safari 3.0.1 beta for Windows URL bar spoofing – CVE-2007-2398 • CVE-2007-2398 • Bugtraq
  • Apple Safari 3.0 beta for Windows arbitrary cookie leak – CVE-2007-2391 • CVE-2007-2391 • Bugtraq
  • Linux kernel 2.6.20 DCCP Memory Disclosure Vulnerability – CVE-2007-1734 • FrSIRT • Bugtraq