Monthly Archives: October 2016

Description: jasper is an open-source initiative to provide a free software-based reference implementation of the codec specified in the JPEG-2000 Part-1 standard. Another round of fuzzing on an updated version (1.900.10) revealed that the NULL pointer access identified as CVE-2016-8887 … Continue reading →

Description: jasper is an open-source initiative to provide a free software-based reference implementation of the codec specified in the JPEG-2000 Part-1 standard. Another round of fuzzing on an updated version (1.900.10) a buffer over read because of an integer overflow. … Continue reading →

Description: jasper is an open-source initiative to provide a free software-based reference implementation of the codec specified in the JPEG-2000 Part-1 standard. Another round of fuzzing on an updated version (1.900.5) revealed another NULL pointer access The complete ASan output: … Continue reading →

Description: imagemagick is a software suite to create, edit, compose, or convert bitmap images. Another round of fuzzing pointed out that the memory allocation failure I discovered is still reproducible in the 7.0.3.4 version. As usual, the upstream security policy … Continue reading →

Description: libwmf is a library for reading vector images in Microsøft’s native Windøws Metafile Format (WMF) and for either (a) displaying them in, e.g., an X window; or (b) converting them to more standard/open file formats such as, e.g., the … Continue reading →

Description: snzip is a compression/decompression tool based on snappy. A fuzzing revealed a memory allocation failure. The complete ASan output: # snzip -d $FILE Ȥ�==12351==WARNING: AddressSanitizer failed to allocate 0xffffffffc8617364 bytes ==12351==AddressSanitizer’s allocator is terminating the process instead of returning … Continue reading →

Description: jasper is an open-source initiative to provide a free software-based reference implementation of the codec specified in the JPEG-2000 Part-1 standard. Another round of fuzzing on an updated version (1.900.5) revealed that the previous issues, reported as CVE-2016-8690, are … Continue reading →

Description: jasper is an open-source initiative to provide a free software-based reference implementation of the codec specified in the JPEG-2000 Part-1 standard. Another round of fuzzing on an updated version (1.900.5) revealed a memory allocation failure. The complete ASan output: … Continue reading →

Description: jasper is an open-source initiative to provide a free software-based reference implementation of the codec specified in the JPEG-2000 Part-1 standard. Another round of fuzzing on an updated version (1.900.5) revealed a NULL pointer access in jp2_colr_destroy The complete … Continue reading →

Description: imagemagick is a software suite to create, edit, compose, or convert bitmap images. A fuzzing with the upstream security policy enabled revealed a memory allocation failure. The complete ASan output: # identify $FILE ==14275==ERROR: AddressSanitizer failed to allocate 0x99ad49000 … Continue reading →