Full title: JSC JIT Out-Of-Bounds Access Vulnerability 
Category: dos / poc
Platform: multiple
The DFG and FTL JIT compilers incorrectly replace Checked with Unchecked ArithNegate operations (and vice versa) during Common Subexpression Elimination. This can then be exploited to cause out-of-bounds accesses and potentially other memory safety violations.

# 0day.today @ http://0day.today/