Monthly Archives: July 2015

libav: divide-by-zero in ff_h263_decode_mba()

Description: Libav is an open source set of tools for audio and video processing. After talking with Luca Barbato which is both a Gentoo and Libav developer, I spent a bit of my time fuzzing libav and in particular I … Continue reading

Posted in advisories, security | Leave a comment

siege: off-by-one in load_conf()

Description: Siege is an http load testing and benchmarking utility. During the test of a webserver, I hit a segmentation fault. I recompiled siege with ASan and it clearly show an off-by-one in load_conf(). The issue is reproducible without passing … Continue reading

Posted in advisories, security | Leave a comment