I specialize in code audits aimed at exposing memory corruption issues in C and C++ codebases, white box code reads coupled with automation using modern fuzzers (AFL, Honggfuzz) and sanitizers.

I cooperated directly with MITRE in the process of evaluating and assigning the following CVEs. Additionally I personally triaged them, evaluated their security impact and reported the issues to upstream developers, providing guidance with understanding the issue and often testing upstream provided fixes.

• md4c - Use of uninitialized value in md_push_block_bytes() - CVE-2020-26148
• peg-markdown - NULL pointer dereference in process_raw_blocks() - CVE-2020-25821
• fontforge - NULL pointer dereference in dumpcffnames()
• fontforge - NULL pointer dereference in strstrmatch()
• fontforge - NULL pointer dereference in SFD_AssignLookups()
• fontforge - NULL pointer dereference in SFDGetSpiros()
• fontforge - Heap-based buffer overflow in Type2NotDefSplines() - CVE-2020-5496
• fontforge - Use-after-free (heap) in SFD_GetFontMetaData() - CVE-2020-5395
• perl - NULL pointer dereference in S_pending_ident()
• lout - Buffer overflow in StringQuotedWord() - CVE-2019-19917
• lout - Heap-based buffer overflow in srcnext() - CVE-2019-19918
• libspiro - Stack-based buffer overflow in spiro_to_bpath0() - CVE-2019-19847
• fig2dev - Out-of-bounds write in read_colordef() - CVE-2019-19797
• yabasic - Heap-based buffer overflow in myformat() - CVE-2019-19796
• samurai - Heap-based buffer overflow in canonpath() - CVE-2019-19795
• atasm - Stack-based buffer overflow in get_signed_expression() - CVE-2019-19787
• atasm - Stack-based buffer overflow in parse_expr() - CVE-2019-19786
• atasm - Stack-based buffer overflow in to_comma() - CVE-2019-19785
• yabasic - Heap-based buffer overflow in yylex() - CVE-2019-19720
• htmldoc - Stack-based buffer overflow in hd_strlcpy() - CVE-2019-19630
• opendetex - Buffer overflow in TexOpen() - CVE-2019-19601
• fig2dev - Stack-based buffer overflow in read_textobject() - CVE-2019-19555
• gnucobol - Use-after-free (heap) in end_scope_of_program_name() - CVE-2019-16396
• gnucobol - Stack-based buffer overflow in cb_name() - CVE-2019-16395
• picoc - Heap-based buffer overflow in StringStrcpy() - CVE-2019-16277
• adplug - Double free in Cu6mPlayer::~Cu6mPlayer() - CVE-2019-15151
• adplug - Multiple heap-based buffer overflows in CmtkLoader::load() - CVE-2019-14734
• adplug - Multiple heap-based buffer overflows in CradLoader::load() - CVE-2019-14733
• adplug - Multiple heap-based buffer overflows in Ca2mLoader::load() - CVE-2019-14732
• adplug - Heap-based buffer overflow in CmkjPlayer::load() - CVE-2019-14692
• adplug - Heap-based buffer overflow in CdtmLoader::load() - CVE-2019-14691
• adplug - Heap-based buffer overflow in CxadbmfPlayer::__bmf_convert_stream() - CVE-2019-14690
• brandy - Heap-based buffer overflow in define_array() - CVE-2019-14665
• brandy - Stack-based buffer overflow in fileio_openout() - CVE-2019-14662
• brandy - Stack-based buffer overflow in fileio_openin() - CVE-2019-14663
• gnucobol - Stack-based buffer overflow in cb_encode_program_id() - CVE-2019-14541
• gnucobol - Heap-based buffer overflow in read_literal() - CVE-2019-14528
• gnucobol - Buffer overflow in cb_evaluate_expr() - CVE-2019-14486
• gnucobol - Buffer overflow in cb_push_op() - CVE-2019-14468
• nsd - NULL pointer dereference in domain_dname()
• nsd - NULL pointer dereference in rdata_atom_size()
• schismtracker - Heap-based buffer overflow in fmt_mtm_load_song() - CVE-2019-14465
• milkytracker - Heap-based buffer overflow in XMFile::read() - CVE-2019-14464
• milkytracker - Stack-based buffer overflow in LoaderXM::load() - CVE-2019-14496
• milkytracker - Heap-based buffer overflow in ModuleEditor::convertInstrument() - CVE-2019-14497
• pcf2bdf - Stack-based buffer overflow in main()
• fig2dev - Stack-based buffer overflow in calc_arrow() - CVE-2019-14275
• dpic - Stack-based buffer overflow in wfloat() - CVE-2019-13989
• gdnsd - Stack-based buffer overflow in set_ipv6() - CVE-2019-13952
• gdnsd - Stack-based buffer overflow in set_ipv4() - CVE-2019-13951
• nsd - Stack-based buffer overflow in dname_concatenate() - CVE-2019-13207
• nsd - Out-of-bounds read caused by improper validation of array index
• mcpp - Heap-based buffer overflow in do_msg() - CVE-2019-14274
• mcpp - Out-of-bounds reads (heap) in get_line(), parse_line(), and do_msg()
• validns - Multiple NULL pointer dereferences
• nyancat - Stack-based buffer overflow