- CVE-2020-24175: yz1: stack overflow
- CVE-2018-19857: vlc: uninitialized memory read in caf demuxer
- CVE-2017-17670: vlc: type conversion vulnerability
- CVE-2016-5399: php: out-of-bounds write in bzread()
- CVE-2016-4473: php: invalid free in phar_extract_file()
- CVE-2016-3078: php: integer overflow in ZipArchive::getFrom*
- CVE-2016-3074: libgd: signedness vulnerability
- CVE-2016-2191: optipng: invalid write
- CVE-2016-2554: php: stack overflow when decompressing tar archives
- CVE-2015-7554: libtiff: invalid write
- CVE-2015-7555: giflib: heap overflow in giffix
- CVE-2015-7507 / CVE-2015-7508: libnsbmp: heap overflow and out-of-bounds read
- CVE-2015-7505 / CVE-2015-7506: libnsgif: stack overflow and out-of-bounds read