Monthly Archives: February 2017

zziplib: out of bounds read in zzip_mem_entry_new (memdisk.c)

Description: zziplib is an intentionally lightweight library that offers the ability to easily extract data from files archived in a single zip file. A fuzz on it discovered an out of bounds read. The complete ASan output: # unzzipcat-mem $FILE … Continue reading

Posted in advisories, security | 1 Comment

zziplib: NULL pointer dereference in main (unzzipcat-mem.c)

Description: zziplib is an intentionally lightweight library that offers the ability to easily extract data from files archived in a single zip file. A fuzz on it discovered a NULL pointer access. The complete ASan output: # unzzipcat-mem $FILE … Continue reading

Posted in advisories, security | Leave a comment

zziplib: invalid memory read in zzip_mem_entry_extra_block (memdisk.c)

Description: zziplib is an intentionally lightweight library that offers the ability to easily extract data from files archived in a single zip file. A fuzz on it discovered an invalid memory read. The complete ASan output: # unzzipcat-mem $FILE ==7950==ERROR: … Continue reading

Posted in advisories, security | 1 Comment

zziplib: heap-based buffer overflow in zzip_mem_entry_extra_block (memdisk.c)

Description: zziplib is an intentionally lightweight library that offers the ability to easily extract data from files archived in a single zip file. A fuzz on it discovered a heap overflow. The complete ASan output: # unzzipcat-mem $FILE ==7970==ERROR: AddressSanitizer: … Continue reading

Posted in advisories, security | 1 Comment

zziplib: heap-based buffer overflow in __zzip_get64 (fetch.c)

Description: zziplib is an intentionally lightweight library that offers the ability to easily extract data from files archived in a single zip file. A fuzz on it discovered a heap overflow. The complete ASan output: # unzzipcat-mem $FILE READ of … Continue reading

Posted in advisories, security | 1 Comment

zziplib: heap-based buffer overflow in __zzip_get32 (fetch.c)

Description: zziplib is an intentionally lightweight library that offers the ability to easily extract data from files archived in a single zip file. A fuzz on it discovered a heap overflow. The complete ASan output: # unzzipcat-mem $FILE ==7574==ERROR: AddressSanitizer: … Continue reading

Posted in advisories, security | 1 Comment

pax-utils: dumpelf: out of bounds read in dump_notes (dumpelf.c)

Description: pax-utils is a set of tools that check files for security relevant properties. A fuzz on dumpelf exposed an out of bounds read. It was reported to vapier, who fixed the issue immediately. Unfortunately I can’t get a symbolized ASan … Continue reading

Posted in advisories, security | Leave a comment

pax-utils: dumpelf: two invalid memory reads in dumpelf.c

Description: pax-utils is a set of tools that check files for security relevant properties. A fuzz on scanelf exposed two invalid memory reads. They were reported to vapier, who fixed the issue immediately. Unfortunately I can’t get a symbolized ASan … Continue reading

Posted in advisories, security | Leave a comment

pax-utils: dumpelf: multiple divide-by-zero in dumpelf.c

Description: pax-utils is a set of tools that check files for security relevant properties. A fuzz on dumpelf shows multiple divide-by-zero. They were reported to vapier, who fixed the issues immediately. Unfortunately I can’t get the ASan stacktrace, so … Continue reading

Posted in advisories, security | Leave a comment

podofo: heap-based buffer overflow in PoDoFo::PdfTokenizer::GetNextToken (PdfTokenizer.cpp)

Description: podofo is a C++ library to work with the PDF file format. A fuzz on it discovered a heap overflow. The upstream project does not allow me to open a new ticket. So, I’m unable to communicate with them. This will … Continue reading

Posted in advisories, security | 1 Comment