Monthly Archives: February 2017

Description: audiofile is a C-based library for reading and writing audio files in many common formats. A fuzz on it discovered a global overflow. The complete ASan output: # sfconvert @@ out.mp3 format aiff ==1779==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7f0add7e6a7a … Continue reading →

Description: audiofile is a C-based library for reading and writing audio files in many common formats. A fuzz with a wav file as input produced an heap overflow. The complete ASan output: # sfinfo $FILE ==6051==ERROR: AddressSanitizer: heap-buffer-overflow on address … Continue reading →

Description: audiofile is a C-based library for reading and writing audio files in many common formats. A fuzz with a wav file as input produced an heap overflow. The complete ASan output: # sfinfo $FILE ==6096==ERROR: AddressSanitizer: heap-buffer-overflow on address … Continue reading →

Description: Mujstest, which is part of mupdf is a scriptable tester for mupdf + js. A crafted image posted early for another issue, causes a stack overflow. The complete ASan output: # mujstest $FILE ==32127==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff29560b00 … Continue reading →

Description: mupdf is a lightweight PDF viewer and toolkit written in portable C. A fuzzing through mutool revealed a use-after-free. It seems that a fix for the recent heap overflow in fz_subsample_pixmap fixes this issue too. The complete ASan output: … Continue reading →

Description: zziplib is an intentionally lightweight library that offers the ability to easily extract data from files archived in a single zip file. A fuzz on it discovered an a NULL pointer access. The complete ASan output: # unzzipcat-seeko $FILE … Continue reading →

Description: zziplib is an intentionally lightweight library that offers the ability to easily extract data from files archived in a single zip file. A fuzz on it discovered the load of a misaligned address. It can cause undefined behavior. The … Continue reading →

Description: zziplib is an intentionally lightweight library that offers the ability to easily extract data from files archived in a single zip file. A fuzz on it discovered an a NULL pointer access. The complete ASan output: # unzzipcat $FILE … Continue reading →

Description: zziplib is an intentionally lightweight library that offers the ability to easily extract data from files archived in a single zip file. A fuzz on it discovered an NULL pointer access. The complete ASan output: # unzzipcat-mem $FILE ==7955==ERROR: … Continue reading →

Description: zziplib is an intentionally lightweight library that offers the ability to easily extract data from files archived in a single zip file. The unzzipcat-seeko utility provided by the package, by default, without any crafted zip shows a NULL pointer … Continue reading →