-
Recent Posts
Recent Comments
- strongcourage on Why I stopped fuzzing research
- Bob Friesenhahn on Why I stopped fuzzing research
- #gentoo dev: Why I stopped fuzzing research https://blogs.gentoo.or… | Dr. Roy Schestowitz (罗伊) on Why I stopped fuzzing research
- Ulya on Why I stopped fuzzing research
- ago on Install Gentoo in less than one minute
Archives
- July 2020
- April 2020
- March 2019
- October 2017
- September 2017
- August 2017
- July 2017
- June 2017
- May 2017
- April 2017
- March 2017
- February 2017
- January 2017
- December 2016
- November 2016
- October 2016
- September 2016
- August 2016
- July 2016
- February 2016
- July 2015
- August 2013
- June 2013
- May 2013
- January 2013
- December 2012
- November 2012
- October 2012
- August 2012
- July 2012
- June 2012
Categories
Meta
Monthly Archives: April 2017
libmad: assertion failure in layer3.c
Description: libmad stays for “M”peg “A”udio “D”ecoder library. The same testcase provided in the article: libmad: heap-based buffer overflow in mad_layer_III (layer3.c) is able to show an assertion failure if libmad was compiled with debug (–enable-debugging). The complete output of … Continue reading
Posted in advisories, security
Leave a comment
libmad: heap-based buffer overflow in mad_layer_III (layer3.c)
Description: libmad stays for “M”peg “A”udio “D”ecoder library. There is an heap overflow discovered through madplay. The complete ASan output: # madplay -v -i -o raw:out $FILE ==14773==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61e00000fa87 at pc 0x0000004bc8ec bp 0x7ffcda3263d0 sp 0x7ffcda325b80 … Continue reading
Posted in advisories, security
Leave a comment
libmad: heap-based buffer overflow in mad_bit_skip (bit.c)
Description: libmad stays for “M”peg “A”udio “D”ecoder library. There is an heap overflow discovered through madplay. The complete ASan output: # madplay -v -i -o raw:out $FILE ==12603==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61200000c09f at pc 0x7f72d6aa05c0 bp 0x7fff03e32040 sp 0x7fff03e32038 … Continue reading
Posted in advisories, security
Leave a comment
rzip: heap-based buffer overflow in read_buf (stream.c)
Description: rzip is a compression program for large files. A crafted archive causes an heap overflow write. The complete ASan output: # rzip -k -f -d $FILE Read of length -1325400064 failed – Bad address ================================================================= ==5655==ERROR: AddressSanitizer: heap-buffer-overflow on … Continue reading
Posted in advisories, security
Leave a comment
ettercap: etterfilter: heap-based buffer overflow write
Description: ettercap is a comprehensive suite for man in the middle attacks. There is an heap overflow write in etterfilter if it parses a malformed filter. The complete ASan output: # etterfilter $FILE etterfilter 0.8.2 copyright 2001-2015 Ettercap Development Team … Continue reading
Posted in advisories, security
4 Comments
libpcre: heap-based buffer overflow write in pcre2test.c
Description: libpcre is a perl-compatible regular expression library. A fuzz on pcre2 via pcre2test revealed an overflow in that command-line utility. # pcre2test -d -i -32 $FILE ==30932==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61100000a000 at pc 0x7f2d8c3aea0f bp 0x7ffeea6b6e20 sp 0x7ffeea6b6e18 … Continue reading
Posted in advisories, security
Leave a comment
libsndfile: global buffer overflow in i2les_array (pcm.c)
Description: libsndfile is a C library for reading and writing files containing sampled sound. The complete ASan output of the issue: # sndfile-convert $FILE out.wav ==27948==ERROR: AddressSanitizer: global-buffer-overflow on address 0x0000013cd13c at pc 0x7f59caaaaace bp 0x7ffcab360cf0 sp 0x7ffcab360ce8 READ of … Continue reading
Posted in advisories, security
Leave a comment
libsndfile: heap-based buffer overflow in flac_buffer_copy (flac.c)
Description: libsndfile is a C library for reading and writing files containing sampled sound. The complete ASan output of the issue: # sndfile-convert $FILE out.wav ==26966==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x621000001110 at pc 0x7fd12fe865e6 bp 0x7ffea55e99f0 sp 0x7ffea55e99e8 READ of … Continue reading
Posted in advisories, security
1 Comment
libsndfile: global buffer overflow in flac_buffer_copy (flac.c)
Description: libsndfile is a C library for reading and writing files containing sampled sound. The complete ASan output of the issue: # sndfile-convert $FILE out.wav ==24715==ERROR: AddressSanitizer: global-buffer-overflow on address 0x0000013cc140 at pc 0x7f4f387e75ee bp 0x7ffe9d102370 sp 0x7ffe9d102368 WRITE of … Continue reading
Posted in advisories, security
Leave a comment
libsndfile: invalid memory read in flac_buffer_copy (flac.c)
Description: libsndfile is a C library for reading and writing files containing sampled sound. The complete ASan output of the issue: # sndfile-resample -to 24000 -c 1 $FILE out ==19624==ERROR: AddressSanitizer: SEGV on unknown address 0x000000004000 (pc 0x7fe14fe3f2b3 bp 0x000000004000 … Continue reading
Posted in advisories, security
Leave a comment