Monthly Archives: September 2016

Description: Graphicsmagick is an Image Processing System. After the first round of fuzzing where I discovered some slowness issues that make the fuzz hard, the second round revealed a stack-buffer-overflow. The complete ASan output: # gm identify $FILE ==23362==ERROR: AddressSanitizer: … Continue reading →

Description: libarchive is a multi-format archive and compression library. After it got fuzzed by hanno and some other people (1 2 3)I decided to fuzz it too. This bug comes out after 5 days of fuzzing and when AFL reports … Continue reading →

Description: libarchive is a multi-format archive and compression library. After it got fuzzed by hanno and some other people (1 2 3)I decided to fuzz it too. A crafted file causes an use-after-free in the detect_form function in the mtree … Continue reading →

Description: libarchive is a multi-format archive and compression library. After it got fuzzed by hanno and some other people (1 2 3)I decided to fuzz it too. A crafted file causes an use-after-free in the bid_entry function in the mtree … Continue reading →

Description: libarchive is a multi-format archive and compression library. After it got fuzzed by hanno and some other people (1 2 3)I decided to fuzz it too. A crafted file causes an heap overflow in the bid_entry function in the … Continue reading →

Description: libarchive is a multi-format archive and compression library. After it got fuzzed by hanno and some other people (1 2 3)I decided to fuzz it too. A crafted file causes an heap overflow in the bid_entry function in the … Continue reading →

Description: libarchive is a multi-format archive and compression library. After it got fuzzed by hanno and some other people (1 2 3)I decided to fuzz it too. A crafted file causes an heap overflow in the read_Header function in the … Continue reading →

Description: libarchive is a multi-format archive and compression library. After it got fuzzed by hanno and some other people (1 2 3)I decided to fuzz it too. A crafted file causes an heap overflow in the detect_form function in the … Continue reading →

Description: autotrace is a program for converting bitmaps to vector graphics. If compiled with Address Sanitizer, it shows that ANY bmp image causes an out-of-bounds write. The complete ASan output: # autotrace $FILE ==31756==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61700000ff20 at … Continue reading →

Description: ettercap is a comprehensive suite for man in the middle attacks. Etterlog, which is part of the package, fails to read malformed data produced from the fuzzer and makes visible a NULL pointer access. The complete ASan output: # … Continue reading →