-
Recent Posts
Recent Comments
- strongcourage on Why I stopped fuzzing research
- Bob Friesenhahn on Why I stopped fuzzing research
- #gentoo dev: Why I stopped fuzzing research https://blogs.gentoo.or… | Dr. Roy Schestowitz (罗伊) on Why I stopped fuzzing research
- Ulya on Why I stopped fuzzing research
- ago on Install Gentoo in less than one minute
Archives
- July 2020
- April 2020
- March 2019
- October 2017
- September 2017
- August 2017
- July 2017
- June 2017
- May 2017
- April 2017
- March 2017
- February 2017
- January 2017
- December 2016
- November 2016
- October 2016
- September 2016
- August 2016
- July 2016
- February 2016
- July 2015
- August 2013
- June 2013
- May 2013
- January 2013
- December 2012
- November 2012
- October 2012
- August 2012
- July 2012
- June 2012
Categories
Meta
Monthly Archives: February 2017
podofo: infinite loop in PoDoFo::PdfPage::GetInheritedKeyFromObject (PdfPage.cpp)
Description: podofo is a C++ library to work with the PDF file format. A fuzz on it discovered an infinite loop. The upstream project denies me to open a new ticket. So, I’m unable to communicate with them. The complete … Continue reading
Posted in advisories, security
2 Comments
podofo: signed integer overflow in PdfParser.cpp
Description: podofo is a C++ library to work with the PDF file format. A fuzz on it with the UBSAN discovered a signed integer overflow. The upstream project denies me to open a new ticket. So, I’m unable to communicate … Continue reading
Posted in advisories, security
1 Comment
podofo: NULL pointer dereference in PdfOutputStream.cpp
Description: podofo is a C++ library to work with the PDF file format. A fuzz on it with the UBSAN discovered a NULL pointer access. The upstream project denies me to open a new ticket. So, I’m unable to communicate … Continue reading
Posted in advisories, security
1 Comment
podofo: NULL pointer dereference in PoDoFo::PdfParser::ReadXRefSubsection (PdfParser.cpp)
Description: podofo is a C++ library to work with the PDF file format. A fuzz on it discovered a NULL pointer access. The upstream project denies me to open a new ticket. So, I’m unable to communicate with them. The … Continue reading
Posted in advisories, security
1 Comment
podofo: NULL pointer dereference in PdfInfo::GuessFormat (pdfinfo.cpp)
Description: podofo is a C++ library to work with the PDF file format. A fuzz on it discovered a NULL pointer access. The upstream project denies me to open a new ticket. So, I’m unable to communicate with them. The … Continue reading
Posted in advisories, security
Leave a comment
pax-utils: scanelf: out of bounds read in scanelf_file_get_symtabs (scanelf.c)
Description: pax-utils is a set of tools that check files for security relevant properties. A fuzz on scanelf exposed an out-of bound read. It was reported to vapier which fixed the issue immediately. Unfortunately I can’t get a symbolized ASan … Continue reading
Posted in advisories, gentoo, security
1 Comment
pax-utils: scanelf: out of bounds read in scanelf_file_textrel (scanelf.c)
Description: pax-utils is a set of tools that check files for security relevant properties. A fuzz on scanelf exposed an out-of bound read. It was reported to vapier which fixed the issue immediately. Unfortunately I can’t get a symbolized ASan … Continue reading
Posted in advisories, gentoo, security
1 Comment
mp3splt: NULL pointer dereference in free_options (options_manager.c)
Description: mp3splt is a command line utility to split mp3 and ogg files without decoding. A fuzz on it discovered a NULL pointer access. The complete ASan output: # mp3splt -P -f -t 0.1 -a $FILE ==3026==ERROR: AddressSanitizer: SEGV on … Continue reading
Posted in advisories, security
1 Comment