Monthly Archives: August 2016

potrace: memory allocation failure in bm_new (bitmap.h)

Description: potrace is a utility that transforms bitmaps into vector graphics. A crafted image, found through fuzz testing, causes the memory allocation to fail. ASan stacktrace: # potrace $FILE ==19351==ERROR: AddressSanitizer failed to allocate 0x200003000 (8589946880) bytes of LargeMmapAllocator (error … Continue reading

Posted in advisories, security

potrace: invalid memory access in findnext (decompose.c)

Description: potrace is a utility that transforms bitmaps into vector graphics. A crafted image revealed, through fuzz testing, an invalid memory access. The complete ASan output: # potrace $FILE potrace: warning: 48.crashes: premature end of file … Continue reading

Posted in advisories, security

graphicsmagick: two heap-based buffer overflow in ReadTIFFImage (tiff.c)

Description: GraphicsMagick is an image processing system. Fuzzing revealed two minor issues in the TIFF parser. The two reports point at different lines of tiff.c, but the problem seems to have the same origin. The complete ASan output: … Continue reading

Posted in advisories, security

libav: stack-based buffer overflow in aac_sync (aac_parser.c)

Description: Libav is an open source set of tools for audio and video processing. A crafted file causes a stack-based buffer overflow. The ASan report may be confusing because it mentions get_bits, but the issue is in aac_sync. This issue … Continue reading

Posted in advisories, security

potrace: multiple (three) NULL pointer dereference in bm_readbody_bmp (bitmap_io.c)

Description: potrace is a utility that transforms bitmaps into vector graphics. A crafted BMP image revealed, through fuzz testing, three NULL pointer accesses. The complete ASan output: ASAN:SIGSEGV ================================================================= ==13806==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 … Continue reading

Posted in advisories, security

potrace: divide-by-zero in bm_new (bitmap.h)

Description: potrace is a utility that transforms bitmaps into vector graphics. A crafted BMP image revealed, through fuzz testing, a division by zero. The complete ASan output: # potrace $FILE.bmp ASAN:DEADLYSIGNAL ================================================================= ==25102==ERROR: AddressSanitizer: FPE on … Continue reading

Posted in advisories, security

potrace: multiple(six) heap-based buffer overflow in bm_readbody_bmp (bitmap_io.c)

Description: potrace is a utility that transforms bitmaps into vector graphics. A crafted BMP image revealed, through fuzz testing, six heap-based buffer overflows. To keep the post from getting too long, I split the ASan output … Continue reading

Posted in advisories, security
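The potrace advisories above (the failed allocation in bm_new, the divide-by-zero in bm_new and the heap-based overflows in bm_readbody_bmp) are three faces of one problem: dimensions copied from an untrusted BMP header are used in arithmetic and indexing without being checked. The following is an added example, written for this page and not potrace's code, that reproduces each bug class in a constructed 1-bpp bitmap format and places the checked version next to it. The 12-byte header layout, the bm_t struct, the BM_MAX_DIM cap and every function name are assumptions made for the illustration; the ASan messages quoted in the comments are the ones the unchecked paths produce when the file is built with -fsanitize=address.

```c
/* Added example, not potrace's code.  Build and run under the sanitizers:
 *   cc -g -fsanitize=address,undefined bm.c && ./a.out
 * The *_unchecked functions reproduce the crashes; the *_checked ones do not. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

typedef struct {
    uint32_t w, h;    /* dimensions copied from the header */
    size_t dy;        /* 64-bit words per scan line */
    uint64_t *map;    /* dy * h words, one bit per pixel */
} bm_t;

/* Unchecked allocator: trusts the header.  w = h = 0x80000000 asks calloc
 * for 2^59 bytes, which is what ASan reports as a failed allocation; on a
 * 32-bit build the product wraps and an undersized buffer comes back. */
static bm_t *bm_new_unchecked(uint32_t w, uint32_t h) {
    bm_t *bm = malloc(sizeof *bm);
    if (!bm) return NULL;
    bm->w = w;
    bm->h = h;
    bm->dy = (w + 63) / 64;                         /* itself wraps for w > UINT32_MAX - 63 */
    bm->map = calloc(bm->dy * h, sizeof(uint64_t)); /* unchecked product */
    return bm;
}

/* Unchecked row count: a header width of 0 makes row_bytes 0, and the
 * division raises SIGFPE (ASan's "FPE on unknown address"). */
static uint32_t bm_rows_unchecked(uint32_t w, uint32_t bpp, size_t payload) {
    uint32_t row_bytes = ((w * bpp + 31) / 32) * 4;
    return (uint32_t)(payload / row_bytes);
}

#define BM_MAX_DIM (1u << 16)   /* assumed policy cap on either dimension */

/* Checked allocator: rejects zero or oversized dimensions and any product
 * that does not fit in size_t (__builtin_mul_overflow: GCC and Clang). */
static bm_t *bm_new_checked(uint32_t w, uint32_t h) {
    if (w == 0 || h == 0 || w > BM_MAX_DIM || h > BM_MAX_DIM) return NULL;
    size_t dy = ((size_t)w + 63) / 64, words, bytes;
    if (__builtin_mul_overflow(dy, (size_t)h, &words) ||
        __builtin_mul_overflow(words, sizeof(uint64_t), &bytes))
        return NULL;
    bm_t *bm = malloc(sizeof *bm);
    if (!bm) return NULL;
    bm->w = w; bm->h = h; bm->dy = dy;
    bm->map = calloc(words, sizeof(uint64_t));
    if (!bm->map) { free(bm); return NULL; }
    return bm;
}

static void bm_free(bm_t *bm) { if (bm) { free(bm->map); free(bm); } }

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Checked reader for the constructed format: a 12-byte header (w, h, bpp as
 * little-endian uint32; only bpp == 1 is parsed) followed by h rows of
 * ((w*bpp + 31) / 32) * 4 bytes.  The whole pixel payload is bounds-checked
 * against len before any row is touched, so a truncated file is rejected
 * instead of being read past the end of the buffer. */
static bm_t *bm_read_checked(const uint8_t *buf, size_t len) {
    if (len < 12) return NULL;
    uint32_t w = le32(buf), h = le32(buf + 4), bpp = le32(buf + 8);
    if (bpp != 1) return NULL;
    bm_t *bm = bm_new_checked(w, h);
    if (!bm) return NULL;                                       /* covers w == 0 */
    uint64_t row_bytes = (((uint64_t)w * bpp + 31) / 32) * 4;   /* w <= 2^16: no wrap */
    if (row_bytes * h > len - 12) { bm_free(bm); return NULL; } /* premature end of file */
    const uint8_t *row = buf + 12;
    for (uint32_t y = 0; y < h; y++, row += row_bytes)
        for (uint32_t x = 0; x < w; x++)                        /* x>>3 < row_bytes always */
            if ((row[x >> 3] >> (7 - (x & 7))) & 1)
                bm->map[y * bm->dy + (x >> 6)] |= (uint64_t)1 << (x & 63);
    return bm;
}

/* Number of set pixels, used to check the decoded result. */
static size_t bm_popcount(const bm_t *bm) {
    size_t n = 0;
    for (size_t i = 0; i < bm->dy * bm->h; i++) n += (size_t)__builtin_popcountll(bm->map[i]);
    return n;
}

int main(void) {
    /* Constructed 16x2, 1-bpp sample: rows FF00 and 0FF0, each padded to 4 bytes. */
    const uint8_t good[] = {16,0,0,0, 2,0,0,0, 1,0,0,0, 0xFF,0x00,0,0, 0x0F,0xF0,0,0};
    bm_t *bm = bm_read_checked(good, sizeof good);
    printf("decoded: %s, %zu pixels set\n", bm ? "ok" : "rejected", bm ? bm_popcount(bm) : 0);
    printf("truncated: %s\n", bm_read_checked(good, sizeof good - 2) ? "ok" : "rejected");
    printf("huge: %s\n", bm_new_checked(0x80000000u, 0x80000000u) ? "ok" : "rejected");
    bm_free(bm);
    /* bm_new_unchecked(0x80000000u, 0x80000000u) and bm_rows_unchecked(0, 1, 64)
     * reproduce the two crashes under ASan; they are left uncalled here. */
    (void)bm_new_unchecked; (void)bm_rows_unchecked;
    return 0;
}
```

The check order matters: dimensions are validated before any product is formed, the product is formed with overflow detection rather than compared after the fact, and the payload length is compared against the full row_bytes * h before the first row is read, so the reader never depends on a later read failing gracefully.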

WiRouterKeyRec: signed integer overflow in agpf_get_serial (agpf.c)

Description: WiRouterKeyRec is a WPA passphrase recovery tool. A crafted AGPF config shows the presence of a signed integer overflow in agpf_check_agpf. The complete UBSan output: # WiRouterKeyRec --config crash.agpf -s Alice-48230959 WiRouter KeyRec 1.1.2 – (C) 2011 Salvatore … Continue reading

Posted in advisories, security

WiRouterKeyRec: signed shift in agpf_check_agpf (agpf.c)

Description: WiRouterKeyRec is a WPA passphrase recovery tool. A crafted AGPF config shows the presence of a signed shift in agpf_check_agpf. The complete UBSan output: # WiRouterKeyRec --config crash.agpf -s Alice-48230959 WiRouter KeyRec 1.1.2 – (C) 2011 Salvatore Fresta … Continue reading

Posted in advisories, security
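The two WiRouterKeyRec advisories above are UBSan findings rather than memory corruption: a signed integer overflow and a left shift on a signed value, both reached from numbers taken out of a crafted config file. Because signed overflow and signed shifts are undefined behaviour in C, the compiler is free to assume they never happen, so a check written after the fact (`if (x < 0)` after an overflow) may be optimised away. The block below is an added example written for this page, not WiRouterKeyRec's code: it reproduces both findings in a constructed serial-number routine and places the defined-behaviour version next to each. The function names, the 4-bit field packed into the top of the serial and the decimal serial format are assumptions for the illustration; the digits 48230959 are taken from the command line quoted above and carry no other meaning here.

```c
/* Added example, not WiRouterKeyRec's code.  Build with
 *   cc -g -fsanitize=undefined ub.c && ./a.out
 * UBSan prints a runtime error for each *_unchecked call; the *_checked
 * functions reach the same result without undefined behaviour. */
#include <limits.h>
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Unchecked: accumulates a decimal serial read from config text.  Eleven or
 * more digits push `serial` past INT_MAX, which UBSan reports as
 * "signed integer overflow: ... * 10 cannot be represented in type 'int'". */
static int get_serial_unchecked(const char *s) {
    int serial = 0;
    for (; *s >= '0' && *s <= '9'; s++)
        serial = serial * 10 + (*s - '0');
    return serial;
}

/* Unchecked: packs a 4-bit field above the serial.  Shifting a negative int,
 * or shifting a bit into the sign position, is undefined (UBSan: "left shift
 * of negative value" / "left shift of 8 by 28 places cannot be represented
 * in type 'int'"). */
static int pack_unchecked(int serial, int field) {
    return (field << 28) | serial;
}

/* Checked: same accumulation with the bound tested *before* the multiply.
 * acc * 10 + d <= INT32_MAX  <=>  acc <= (INT32_MAX - d) / 10.
 * Returns 0 on success, -1 for no digits or a value that does not fit. */
static int get_serial_checked(const char *s, int32_t *out) {
    int32_t acc = 0;
    size_t n = 0;
    for (; *s >= '0' && *s <= '9'; s++, n++) {
        int d = *s - '0';
        if (acc > (INT32_MAX - d) / 10)
            return -1;
        acc = acc * 10 + d;
    }
    if (n == 0) return -1;
    *out = acc;
    return 0;
}

/* Checked: shift in unsigned arithmetic, whose wrap-around is defined, and
 * reject inputs that would not fit their fields (4 bits for `field`, 28 bits
 * for `serial`) instead of letting them overlap. */
static int pack_checked(int32_t serial, int field, uint32_t *out) {
    if (field < 0 || field > 0xF || serial < 0 || (uint32_t)serial > 0x0FFFFFFFu)
        return -1;
    *out = ((uint32_t)field << 28) | (uint32_t)serial;
    return 0;
}

int main(void) {
    int32_t serial;
    uint32_t packed;
    printf("\"48230959\":    %s\n", get_serial_checked("48230959", &serial) == 0 ? "ok" : "rejected");
    printf("\"99999999999\": %s\n", get_serial_checked("99999999999", &serial) == 0 ? "ok" : "rejected");
    if (pack_checked(48230959, 5, &packed) == 0)
        printf("packed:        0x%08x\n", packed);
    /* The unchecked pair trips UBSan on the same kind of input. */
    printf("unchecked:     %d %d\n", get_serial_unchecked("99999999999"), pack_unchecked(1, -1));
    return 0;
}
```

Note that the checked accumulator stops one step early rather than detecting the overflow after it happened; with signed types that is the only portable way, since by the time `acc` has wrapped the program is already outside defined behaviour.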

libav: heap-based buffer overflow in ff_audio_resample (resample.c)

Description: Libav is an open source set of tools for audio and video processing. A crafted file can cause a heap-based buffer overflow. This bug was discovered last year, but I didn't have time to do anything else. … Continue reading

Posted in advisories, security | 2 Comments