PUBLIC MIRROR A read-only public view of Anvil. Only publicly-disclosed findings are shown; the Playbook, techniques, sessions and embargoed research are hidden.

Research Overview

Portfolio triage for current vulnerability research, agent output, and next recommended work.

Start research session Open Method
9
Targets
7
Active
85
Findings
7
Verified (real-world)
1
CVEs
47 Harness only test artifact — not verified 2 Public API reproduced via public API 2 Real app real consumer crashed 0 Platform ImageIO / BitmapFactory / browser 3 Disclosure ready CVE / advisory ready

Latest findings

Newest first — check here after an unattended run.
SkOTUtils::RenameFont: unchecked 'name' table offset/length → heap OOB write from a crafted font (Windows font load) SkOTUtils::RenameFont skia verified 3d Uncompressed encoder: heap OOB write in rgb_block_pixel_interleave for RRGGBB images with bit-depth <= 8 unc_encoder_rgb_block_pixel_interleave::encode_tile libheif verified 4d Color conversion: heap OOB read converting odd-dimension uncompressed 4:2:0 (decoder floor-allocates chroma; multiple ceil-assuming conversion sinks incl. the common 4:2:0→RGB path) Op_YCbCr420_to_RGB24::convert_colorspace (RGB path); Op_YCbCr420_bilinear_to_YCbCr444::convert_colorspace (4:4:4 path) libheif verified 4d Image sequences: unbounded allocation reading a sample (append_data_from_file_range ignores security limits) → memory-exhaustion DoS HeifFile::append_data_from_file_range libheif harness-verified 4d VVC decode glue: reachable assert(false) in parse_sps_for_vvcC_configuration on crafted SPS (gci/subpic TODO paths) parse_sps_for_vvcC_configuration libheif harness-verified 4d PNM writer: packed_row_bytes/packer precision mismatch in streaming-strip output → heap overflow for precision not in {8,16} TileProcessor (streaming-strip ioBandCallback scratchImg) vs PNMFormat interleaver grok confirmed 9d MJ2 box parser: headerSize underflow in read_url/read_urn yields heap out-of-bounds read FileFormatMJ2Decompress::read_url / read_urn grok confirmed 9d

Next research frontier

The most promising unexamined modules to look at next.
🔒 Next-step leads — internal

The ranked list of the most promising unexamined modules is part of the internal platform.

Research coverage

Per-target portfolio state — open a target for the full workbench.
TargetStatusPriFindingsCVEs CoverageExhaustedLast activity
Grok active high 14
15/16
0% 2026-06-23
Skia active high 1
21/47
0% 2026-06-23
libpng active high 4
14/22
40% 2026-06-14
libheif paused high 7 1
19/20
60% 2026-06-23
examined examining unexplored

Disclosure pipeline

From suspicion to shipped fix.
6
Suspected
47
Harness
7
Verified
20
Reported
17
Public
2
Patched
1
CVE