Monthly Archives: September 2016

libav: null pointer dereference in get_vlc2 (get_bits.h)

Posted on September 7, 2016 by ago

Description: Libav is an open source set of tools for audio and video processing. A crafted file causes a NULL pointer access. This issue was discovered the past year, but I didn’t make the report and I didn’t follow the … Continue reading →

Posted in advisories, security | Leave a comment

graphicsmagick: NULL pointer dereference in MagickStrlCpy (utility.c)

Posted on September 7, 2016 by ago

Description: Graphicsmagick is an Image Processing System. A fuzzing revealed a NULL pointer access in the TIFF parser. The complete ASan output: # gm identify $FILE ASAN:DEADLYSIGNAL ================================================================= ==19028==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fbd36dd6c3c bp 0x7ffe3c007090 sp … Continue reading →

Posted in advisories, security | Leave a comment

ettercap: etterlog: multiple (three) heap-based buffer overflow (el_profiles.c)

Posted on September 6, 2016 by ago

Description: ettercap is a comprehensive suite for man in the middle attacks. Etterlog, which is part of the package, fails to read malformed data produced from the fuzzer and then it overflows. Since there are three issues, to make it … Continue reading →

Posted in advisories, security | Leave a comment

Monthly Archives: September 2016

libav: null pointer dereference in get_vlc2 (get_bits.h)

graphicsmagick: NULL pointer dereference in MagickStrlCpy (utility.c)

ettercap: etterlog: multiple (three) heap-based buffer overflow (el_profiles.c)

Recent Posts

Recent Comments

Archives

Categories

Meta