Monthly Archives: November 2016

metapixel: multiple assertion failures

Description: metapixel is a program for generating photomosaics. Fuzzing metapixel-imagesize revealed multiple assertion failures. The latest upstream release was about ten years ago, so I didn't make any report. The bugs do not reside in any shared object …

Posted in advisories, security

metapixel: heap-based buffer overflow in open_gif_file (rwgif.c)

Description: metapixel is a program for generating photomosaics. Fuzzing metapixel-imagesize revealed a heap-based buffer overflow in open_gif_file. The latest upstream release was about ten years ago, so I didn't make any report. The bug does not reside in any shared object which …

Posted in advisories, security

jasper: stack-based buffer overflow in jpc_tsfb_getbands2 (jpc_tsfb.c)

Description: jasper is an open-source initiative to provide a free software-based reference implementation of the codec specified in the JPEG-2000 Part-1 standard. A crafted image, found through intensive fuzzing of version 1.900.22, revealed a stack-based buffer overflow in jpc_tsfb_getbands2. The complete ASan …

Posted in advisories, security

imagemagick: null pointer must never be null (tiff.c)

Description: imagemagick is a software suite to create, edit, compose, or convert bitmap images. Fuzzing an updated version built with the Undefined Behavior Sanitizer revealed a null pointer passed where the code declares it can never be null. The complete UBSan …

Posted in advisories, security | 2 Comments

An alternative to git bisect with Gentoo and the live ebuild

Git bisect is absolutely powerful, but sometimes it is more comfortable to use emerge instead of compiling the software outside the package manager. That was my case with media-libs/jasper, which I'm picking as the example for this 'howto'. So basically, you are running …

Posted in gentoo | 4 Comments

libdwarf: negation overflow in dwarf_leb.c

Description: libdwarf is a library to consume and produce DWARF debug information. Fuzzing with the Undefined Behavior Sanitizer shows a negation whose result cannot be represented as a long long. The complete UBSan output:

# dwarfdump $FILE
dwarf_leb.c:306:19: runtime error: negation …

Posted in advisories, security | 1 Comment

jasper: signed integer overflow in jas_image.c

Description: jasper is an open-source initiative to provide a free software-based reference implementation of the codec specified in the JPEG-2000 Part-1 standard. The Undefined Behavior Sanitizer shows a signed integer overflow in jas_image.c. As you can see, the commit which …

Posted in advisories, security

imagemagick: heap-based buffer overflow in IsPixelGray (pixel-accessor.h)

Description: imagemagick is a software suite to create, edit, compose, or convert bitmap images. Fuzzing an updated version revealed another overflow, this time a heap-based buffer overflow in IsPixelGray. The complete ASan output:

# identify $FILE
=================================================================
==696==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x611000009700 at pc 0x7f300036c9a3 …

Posted in advisories, security | 1 Comment

jasper: multiple assertion failures

Description: jasper is an open-source initiative to provide a free software-based reference implementation of the codec specified in the JPEG-2000 Part-1 standard. Fuzzing revealed multiple assertion failures. Since jasper's maintainer releases frequently, the fuzzing was done across multiple …

Posted in advisories, security

libming: listmp3: left shift in listmp3.c

Description: libming is a Flash (SWF) output library. It can be used from PHP, Perl, Ruby, Python, C, C++, Java, and probably more on the way. Fuzzing revealed an undefined left shift in listmp3. The bug does not reside in …

Posted in advisories, security
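The libdwarf negation overflow and the libming left shift listed above are both signed-arithmetic undefined behaviour that UBSan only catches at runtime, on the input that happens to trigger it. As an added example (not code from libdwarf, libming or the original posts), the block below performs the same operations with explicit range checks, and applies them to a small signed LEB128 decoder so the checks are seen on real parsing work. That dwarf_leb.c is libdwarf's LEB128 decoder is an assumption taken from the file name; the decoder, the helper names and the test vectors here are all constructed for this illustration.

```c
/* Added example (not code from libdwarf, libming or the original post):
 * the signed-arithmetic operations UBSan flagged on this page (negation,
 * left shift) with explicit range checks, applied to a signed LEB128
 * decoder. That dwarf_leb.c is libdwarf's LEB128 decoder is an assumption
 * from the file name; this decoder is written from scratch.
 * Build with: cc -std=c11 -fsanitize=undefined leb.c */
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* -LLONG_MIN does not fit in a long long; UBSan reports it as
 * "negation of ... cannot be represented". Refuse it instead. */
static bool checked_neg_ll(long long v, long long *out)
{
    if (v == LLONG_MIN)
        return false;
    *out = -v;
    return true;
}

/* Left shift of a signed value is undefined when the value is negative,
 * the count is >= the type width, or the result does not fit. */
static bool checked_shl_ll(long long v, unsigned shift, long long *out)
{
    if (v < 0 || shift >= CHAR_BIT * sizeof(long long))
        return false;
    if (v > (LLONG_MAX >> shift))   /* would shift into or past the sign bit */
        return false;
    *out = v << shift;
    return true;
}

/* Decode one signed LEB128 value from buf[0..len). Returns the number of
 * bytes consumed, or 0 when the input is truncated, longer than the 10
 * bytes a 64-bit value can need, or does not fit in int64_t. All shifting
 * is done on uint64_t, where shifting bits out the top is well defined. */
static size_t decode_sleb128(const uint8_t *buf, size_t len, int64_t *out)
{
    uint64_t result = 0;
    unsigned shift = 0;
    size_t i = 0;
    uint8_t byte;

    do {
        if (i >= len || shift >= 64)
            return 0;                   /* truncated, or an 11th byte */
        byte = buf[i++];
        if (shift == 63 && byte != 0x00 && byte != 0x7f)
            return 0;                   /* 10th byte may only carry the sign bit */
        result |= (uint64_t)(byte & 0x7f) << shift;
        shift += 7;
    } while (byte & 0x80);

    if (shift < 64 && (byte & 0x40))    /* sign-extend a short negative value */
        result |= ~(uint64_t)0 << shift;

    /* Convert without relying on implementation-defined narrowing. */
    if (result <= (uint64_t)INT64_MAX)
        *out = (int64_t)result;
    else
        *out = -(int64_t)(~result) - 1;
    return i;
}

/* Constructed test vectors (not taken from any real DWARF or SWF file). */
static bool self_check(void)
{
    static const uint8_t neg128[]  = { 0x80, 0x7f };
    static const uint8_t min64[]   = { 0x80, 0x80, 0x80, 0x80, 0x80,
                                       0x80, 0x80, 0x80, 0x80, 0x7f };
    static const uint8_t too_big[] = { 0x80, 0x80, 0x80, 0x80, 0x80,
                                       0x80, 0x80, 0x80, 0x80, 0x01 };
    static const uint8_t cut[]     = { 0x80 };
    int64_t v;
    long long ll;

    if (decode_sleb128(neg128, sizeof neg128, &v) != 2 || v != -128) return false;
    if (decode_sleb128(min64, sizeof min64, &v) != 10 || v != INT64_MIN) return false;
    if (decode_sleb128(too_big, sizeof too_big, &v) != 0) return false;
    if (decode_sleb128(cut, sizeof cut, &v) != 0) return false;
    /* INT64_MIN decodes fine, but negating it must be refused, not done. */
    if (checked_neg_ll(LLONG_MIN, &ll)) return false;
    if (!checked_neg_ll(-5, &ll) || ll != 5) return false;
    if (checked_shl_ll(1, 63, &ll) || checked_shl_ll(-1, 1, &ll)) return false;
    if (!checked_shl_ll(1, 62, &ll) || ll != (1LL << 62)) return false;
    return true;
}

int main(void)
{
    bool ok = self_check();
    printf("self-check: %s\n", ok ? "ok" : "FAILED");
    return ok ? 0 : 1;
}
```

The decoder keeps the accumulator unsigned, so the shifts are defined for every byte the loop accepts; the only signed step is the final conversion, and that is written so a value above INT64_MAX is folded without undefined behaviour. The two checked helpers are the pattern to apply wherever a fuzzer-controlled value reaches a negation or a shift: decide the range before the operation, and treat an out-of-range operand as malformed input rather than letting the sanitizer find it later.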