Monthly Archives: December 2016

graphicsmagick: memory allocation failure in MagickRealloc (memory.c)

Description: GraphicsMagick is an Image Processing System. This is an old memory failure, discovered some time ago. The maintainer, Mr. Bob Friesenhahn, was able to reproduce the issue; I’m quoting his feedback about it: The problem is that the embedded JPEG data … Continue reading

Posted in advisories, security | 1 Comment

libming: listswf: NULL pointer dereference in dumpBuffer (read.c)

Description: libming is a Flash (SWF) output library. It can be used from PHP, Perl, Ruby, Python, C, C++, Java, and probably more on the way. Fuzzing revealed a null pointer access in listswf. The bug does not reside … Continue reading


libming: listswf: heap-based buffer overflow in _iprintf (outputtxt.c)

Description: libming is a Flash (SWF) output library. It can be used from PHP, Perl, Ruby, Python, C, C++, Java, and probably more on the way. Fuzzing revealed an overflow in listswf. The bug does not reside in any … Continue reading


libming: listswf: heap-based buffer overflow in parseSWF_RGBA (parser.c)

Description: libming is a Flash (SWF) output library. It can be used from PHP, Perl, Ruby, Python, C, C++, Java, and probably more on the way. Fuzzing revealed an overflow in listswf. The bug does not reside in any … Continue reading


libming: listswf: heap-based buffer overflow in parseSWF_DEFINEFONT (parser.c)

Description: libming is a Flash (SWF) output library. It can be used from PHP, Perl, Ruby, Python, C, C++, Java, and probably more on the way. Fuzzing revealed an overflow in listswf. The bug does not reside in any … Continue reading


imagemagick: heap-based buffer overflow in IsPixelGray (pixel-accessor.h) (Incomplete fix for CVE-2016-9556)

Description: imagemagick is a software suite to create, edit, compose, or convert bitmap images. Fuzzing an updated version, which includes the fix for CVE-2016-9556, revealed that the issue is still present. The complete ASan output: # identify $FILE … Continue reading


libav: multiple crashes from the Undefined Behavior Sanitizer

Description: Libav is an open source set of tools for audio and video processing. Fuzzing an updated stable release with the Undefined Behavior Sanitizer enabled revealed multiple crashes. At the date I’m releasing this post, upstream didn’t give … Continue reading
