Codean

@[email protected]
11 Followers
9 Following
26 Posts
Ethical hackers rock and we think they do not get enough love (tool wise). So we are creating a tool for security analysts, by security analysts!
Websitehttps://about.codean.io
Pentestshttps://codeanlabs.com
CodeanJun 12, 2025
Two of our Codean Labs colleagues evaluated OpenPGP.js and identified a signature spoofing vulnerability. Writeup includes a PoC where we demonstrate the vulnerability by spoofing a message by the Dutch government's Cyber Security Center!
https://codeanlabs.com/blog/research/cve-2025-47934-spoofing-openpgp-js-signatures/
CVE-2025-47934 - Spoofing OpenPGP.js signature verification — Codean Labs

CVE-2025-47934 allows attackers to spoof arbitrary signatures and encrypted emails that appear as valid in OpenPGP.js. The only requirement is access to a single valid signed message from the target author ("Alice"). Since this undermines the core principle of PGP and impacts integrating applications directly, we strongly recommend updating OpenPGP.js to version v5.11.3, v6.1.1, or newer.

Codean Labs
CodeanMay 13, 2025

Together with @doyensec we discovered CVE-2025-32464, a heap-buffer overflow in HAProxy. Read our write-up here: https://codeanlabs.com/blog/research/cve-2025-32464-overflowing-haproxy-regsub-converter/

Credits to Edoardo Geraci and Aleandro Prudenzano.

CVE-2025-32464 - Overflowing HAProxy regsub converter — Codean Labs

CVE-2025-32464 is a vulnerability in HAProxy 2.2 up to 3.1.6-d929ca2 which allows an attacker to perform a DoS attack exploiting specific usages of the regsub converter. It cause a heap buffer overflow, making the whole HAProxy pool of workers crash. Given the nature of the vulnerability, a scenario where this vulnerability can be abused in order to obtain RCE is not feasible, nevertheless, we recommend checking whether you are using the regsub converter in your HAProxy configuration and updating whenever possible.

Codean Labs
CodeanOct 31, 2024

We spent a lot of effort on improving the security of Ghostscript and this is our third and final blog post about everything we found.

Enjoy the read!
https://www.linkedin.com/feed/update/urn:li:share:7257706683483746304

Codean Labs on LinkedIn: Ghostscript wrap-up: overflowing buffers

Previously we wrote about our research into #Ghostscript. This is the third and final installment in which we describe in-depth five memory-corruption-related…

CodeanSep 10, 2024

We just reached over 1,000 commits on Codean 🎉

Just a few thousand more and I am sure Codean will be done by then 😉

CodeanJul 31, 2024

We are finally catching up on some basic capabilities everyone expects, but are still darn hard to get right!

Finally, landed on SCIP and SCIP indexers to have code intelligence that also enables us to create unique and cool features in the future. Stay tuned for more!

CodeanJul 9, 2024

Another day another high impact #CVE-2024-29511 on #Ghostscript ≤ 10.02.1. it leads to an arbitrary file read/write (under certain conditions) outside of the -dSAFER sandbox. You can find all details about this #vulnerability on our blogpost.

If you are curious about your own #security feel free to schedule a meeting with us to brainstorm about your own security threats. You can do this right on our website via the "Schedule a meeting" button.
https://codeanlabs.com/blog/research/cve-2024-29511-abusing-ghostscripts-ocr-device/

CVE-2024-29511 - Abusing Ghostscript's OCR device — Codean Labs

An arbitrary file read/write vulnerability in Ghostscript ≤ 10.02.1 which enables attackers to read/write arbitrary files on the complete filesystem including outside of the -dSAFER sandbox. CVE-2024-29511 has significant impact on web-applications and other services offering document conversion and preview functionalities as these often use Ghostscript under the hood. We recommend verifying whether your solution (indirectly) makes use of Ghostscript and if so, update it to the latest version.

Codean Labs
CodeanJul 2, 2024

We found #CVE-2024-29510, a format string vulnerability in Ghostscript ≤ 10.03.0. It enables attackers to gain code execution while also bypassing all sandbox protections.

This vulnerability has significant impact on web-applications and other services offering document conversion and preview functionalities as these often use #Ghostscript under the hood and an attacker can easily get #RCE. Ensure you are running the latest version!

https://codeanlabs.com/blog/research/cve-2024-29510-ghostscript-format-string-exploitation

CVE-2024-29510 - Exploiting Ghostscript using format strings — Codean Labs

A format string vulnerability in Ghostscript ≤ 10.03.0 which enables attackers to gain Remote Code Execution (#RCE) while also bypassing sandbox protections. CVE-2024-29510 has significant impact on web-applications and other services offering document conversion and preview functionalities as these often use Ghostscript under the hood. We recommend verifying whether your solution (indirectly) makes use of Ghostscript and if so, update it to the latest version!

Codean Labs
CodeanMay 20, 2024
A public service announcement about #CVE-2024-4367 that we found in one of our pentests at Codean Labs. Make sure to update your #Firefox version to 126 and for #developers to update your PDF.js dependency. You can read our blog post for all details.
https://www.linkedin.com/feed/update/urn:li:share:7198264646837911553
Kevin Valk on LinkedIn: CVE-2024-4367 – Arbitrary JavaScript execution in PDF.js

#CVE-2024-4367 that Thomas Rinsma found on PDF.js has been patched! We want to thank the awesome people at Mozilla for their fast and great collaboration in…

CodeanMay 8, 2024
We found a vulnerability in Mozilla’s PDF.js (CVE-2024-4367 and CVE-2024-34342 via react-pdf) resulting in arbitrary JavaScript execution when opening a malicious PDF. This results in XSS on many web- and even desktop apps. Blog post coming soon!
https://www.linkedin.com/feed/update/urn:li:share:7193937316061609984
Kevin Valk on LinkedIn: #vulnerability #cve #pdf #javascript

We found a #vulnerability in Mozilla’s PDF.js (#CVE-2024-4367 and CVE-2024-34342 via react-pdf) that impacts all Firefox users and many web- and Electron…

CodeanFeb 27, 2024

Our Capture The Flag events are designed around the accessibility to the source code of all vulnerable targets. What's even more fun is that the whole CTF is played from within Codean!

I guess we should host another public CTF sometime soon™!
https://www.linkedin.com/feed/update/urn:li:share:7168198151584079873

Codean Labs on LinkedIn: We are ready for another (private) Capture The Flag (CTF) event on…

We are ready for another (private) Capture The Flag (CTF) event on location this Friday. A fun escape room-escque team building event that gives you lots of…