Monthly Archives: March 2017

podofo: four null pointer dereference

Description: podofo is a C++ library to work with the PDF file format. A fuzz on it through the podofotxtextract command line tool reavealed some NULL dereferences. This post will be forwarded on the upstream mailing list. The complete ASan … Continue reading

Posted in advisories, security | Leave a comment

podofo: heap-based buffer overflow in PoDoFo::PdfSimpleEncoding::ConvertToEncoding (PdfEncoding.cpp)

Description: podofo is a C++ library to work with the PDF file format. A fuzz on it through the podofotxt2pdf command line tool reavealed an heap overflow. This post will be forwarded on the upstream mailing list. The complete ASan … Continue reading

Posted in advisories, security | Leave a comment

podofo: heap-based buffer overflow in PoDoFo::PdfPainter::ExpandTabs (PdfPainter.cpp)

Description: podofo is a C++ library to work with the PDF file format. A fuzz on it through the podofotxt2pdf command line tool reavealed an heap overflow. This post will be forwarded on the upstream mailing list. The complete ASan … Continue reading

Posted in advisories, security | Leave a comment

imagemagick: memory allocation failure in AcquireMagickMemory (memory.c) (incomplete fix for CVE-2016-8862 and CVE-2016-8866)

Description: imagemagick is a software suite to create, edit, compose, or convert bitmap images. Another round of fuzzing pointed out that the memory allocation failure I discovered, known as CVE-2016-8862 and CVE-2016-8866 is still reproducible in the 7.0.4.9 version. As … Continue reading

Posted in advisories, security | Leave a comment

libpcre: invalid memory read in _pcre32_xclass (pcre_xclass.c)

Description: libpcre is a perl-compatible regular expression library. A fuzz on libpcre1 through the pcretest utility revealed an invalid memory read. Upstream says that this bug is fixed by one of the previous commit. However I’m providing as usual the … Continue reading

Posted in advisories, security | Leave a comment

libpcre: heap-based buffer overflow in regexflip8_or_16 (pcretest.c)

Description: libpcre is a perl-compatible regular expression library. A fuzz on libpcre1 through the pcretest utility revealed an heap overflow in the utility itself. Will follow a feedback from upstream. I am not going to do anything about this one. … Continue reading

Posted in advisories, security | Leave a comment

libpcre: two stack-based buffer overflow write in pcre32_copy_substring (pcre_get.c)

Description: libpcre is a perl-compatible regular expression library. A fuzz on libpcre1 through the pcretest utility revealed two stack overflow write. Upstream says that these bugs are fixed by one of the previous commit. However I’m providing as usual the … Continue reading

Posted in advisories, security | 4 Comments

libpcre: invalid memory read in match (pcre_exec.c)

Description: libpcre is a perl-compatible regular expression library. A fuzz on libpcre1 through the pcretest utility revealed an invalid read in the library. For who is interested in a detailed description of the bug, will follow a feedback from upstream: … Continue reading

Posted in advisories, security | 4 Comments

libpcre: NULL pointer dereference in main (pcretest.c)

Description: libpcre is a perl-compatible regular expression library. A fuzz on libpcre1 through the pcretest utility revealed a null pointer dereference in the utility itself. For the nature of the crash, it is not security relevant because the library is … Continue reading

Posted in advisories, security | Leave a comment

libpcre: invalid memory read in phar (pcretest.c)

Description: libpcre is a perl-compatible regular expression library. A fuzz on libpcre1 through the pcretest utility revealed an invalid read in the utility itself. For the nature of the crash, it is not security relevant because the library is not … Continue reading

Posted in advisories, security | Leave a comment