Monthly Archives: March 2017

Description: podofo is a C++ library to work with the PDF file format. A fuzz on it through the podofotxtextract command line tool reavealed some NULL dereferences. This post will be forwarded on the upstream mailing list. The complete ASan … Continue reading →

Description: podofo is a C++ library to work with the PDF file format. A fuzz on it through the podofotxt2pdf command line tool reavealed an heap overflow. This post will be forwarded on the upstream mailing list. The complete ASan … Continue reading →

Description: podofo is a C++ library to work with the PDF file format. A fuzz on it through the podofotxt2pdf command line tool reavealed an heap overflow. This post will be forwarded on the upstream mailing list. The complete ASan … Continue reading →

Description: imagemagick is a software suite to create, edit, compose, or convert bitmap images. Another round of fuzzing pointed out that the memory allocation failure I discovered, known as CVE-2016-8862 and CVE-2016-8866 is still reproducible in the 7.0.4.9 version. As … Continue reading →

Description: libpcre is a perl-compatible regular expression library. A fuzz on libpcre1 through the pcretest utility revealed an invalid memory read. Upstream says that this bug is fixed by one of the previous commit. However I’m providing as usual the … Continue reading →

Description: libpcre is a perl-compatible regular expression library. A fuzz on libpcre1 through the pcretest utility revealed an heap overflow in the utility itself. Will follow a feedback from upstream. I am not going to do anything about this one. … Continue reading →

Description: libpcre is a perl-compatible regular expression library. A fuzz on libpcre1 through the pcretest utility revealed two stack overflow write. Upstream says that these bugs are fixed by one of the previous commit. However I’m providing as usual the … Continue reading →

Description: libpcre is a perl-compatible regular expression library. A fuzz on libpcre1 through the pcretest utility revealed an invalid read in the library. For who is interested in a detailed description of the bug, will follow a feedback from upstream: … Continue reading →

Description: libpcre is a perl-compatible regular expression library. A fuzz on libpcre1 through the pcretest utility revealed a null pointer dereference in the utility itself. For the nature of the crash, it is not security relevant because the library is … Continue reading →

Description: libpcre is a perl-compatible regular expression library. A fuzz on libpcre1 through the pcretest utility revealed an invalid read in the utility itself. For the nature of the crash, it is not security relevant because the library is not … Continue reading →