Monthly Archives: November 2016

libming: listmp3: divide-by-zero in printMP3Headers (listmp3.c)

Description: libming is a Flash (SWF) output library. It can be used from PHP, Perl, Ruby, Python, C, C++, Java, and probably more on the way. Fuzzing revealed a divide-by-zero in listmp3. The bug does not reside …

Posted in advisories, security | Leave a comment

libtiff: memory allocation failure in _TIFFCheckRealloc (tif_aux.c)

Description: libtiff is software that provides support for the Tag Image File Format (TIFF). During the fuzz of imagemagick, I noticed a memory allocation failure in libtiff. The issue was first reported to the imagemagick developers, who confirmed that …

libming: listmp3: global-buffer-overflow in printMP3Headers (listmp3.c)

Description: libming is a Flash (SWF) output library. It can be used from PHP, Perl, Ruby, Python, C, C++, Java, and probably more on the way. Fuzzing revealed a global buffer overflow in listmp3. The bug does not reside …

libdwarf: memory allocation failure in do_decompress_zlib (dwarf_init_finish.c)

Description: libdwarf is a library to consume and produce DWARF debug information. Fuzzing an updated version revealed a memory allocation failure. The complete ASan output: # dwarfdump $FILE ==27994==WARNING: AddressSanitizer failed to allocate 0x62696c2f7273752f bytes ==27994==AddressSanitizer’s allocator is …

libdwarf: heap-based buffer overflow in dwarf_get_aranges_list (dwarf_arange.c)

Description: libdwarf is a library to consume and produce DWARF debug information. Fuzzing an updated version revealed a buffer overflow. The complete ASan output: # dwarfdump $FILE ==27460==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60600000eff4 at pc 0x00000047349b bp 0x7ffd9feadaf0 …

libdwarf: heap-based buffer overflow in get_attr_value (print_die.c)

Description: libdwarf is a library to consume and produce DWARF debug information. Fuzzing an updated version revealed a buffer overflow. The complete ASan output: # dwarfdump $FILE ==27395==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61300000de1c at pc 0x000000528cd3 bp 0x7ffd980a63b0 …

libdwarf: heap-based buffer overflow in _dwarf_skim_forms (dwarf_macro5.c)

Description: libdwarf is a library to consume and produce DWARF debug information. Fuzzing an updated version revealed a buffer overflow. The complete ASan output: # dwarfdump $FILE ==2437==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62000000fe5b at pc 0x000000462c7c bp 0x7ffea0d4b690 …

jasper: use after free in jas_realloc (jas_malloc.c)

Description: jasper is an open-source initiative to provide a free software-based reference implementation of the codec specified in the JPEG-2000 Part-1 standard. A crafted image, maybe posted in the past as a testcase for another bug, causes in the 1.900.18 version …

elfutils: memory allocation failure in allocate_elf (common.h)

Description: elfutils is a set of libraries/utilities to handle ELF objects (drop-in replacement for libelf). During the fuzz of libdwarf, I noticed a memory allocation failure which involves elfutils. Actually there is a proposed patch on the elfutils mailing …

elfutils: memory allocation failure in __libelf_set_rawdata_wrlock (elf_getdata.c)

Description: elfutils is a set of libraries/utilities to handle ELF objects (drop-in replacement for libelf). During the fuzz of libdwarf, I noticed a memory allocation failure which involves elfutils. To have a double-check, the bug was first reported to …