-
Recent Posts
Recent Comments
- strongcourage on Why I stopped fuzzing research
- Bob Friesenhahn on Why I stopped fuzzing research
- #gentoo dev: Why I stopped fuzzing research https://blogs.gentoo.or… | Dr. Roy Schestowitz (罗伊) on Why I stopped fuzzing research
- Ulya on Why I stopped fuzzing research
- ago on Install Gentoo in less than one minute
Archives
- July 2020
- April 2020
- March 2019
- October 2017
- September 2017
- August 2017
- July 2017
- June 2017
- May 2017
- April 2017
- March 2017
- February 2017
- January 2017
- December 2016
- November 2016
- October 2016
- September 2016
- August 2016
- July 2016
- February 2016
- July 2015
- August 2013
- June 2013
- May 2013
- January 2013
- December 2012
- November 2012
- October 2012
- August 2012
- July 2012
- June 2012
Categories
Meta
Monthly Archives: May 2017
ytnef: heap-based buffer overflow in DecompressRTF (ytnef.c)
Description: ytnef is Yeraze’s TNEF Stream Reader – for winmail.dat files. The complete ASan output of the issue: # ytnefprint $FILE ==22808==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61800000039e at pc 0x7f6b57c2fcb8 bp 0x7ffd8ca179d0 sp 0x7ffd8ca179c8 READ of size 1 at 0x61800000039e … Continue reading
Posted in advisories, security
1 Comment
ytnef: memory allocation failure in TNEFFillMapi (ytnef.c)
Description: ytnef is Yeraze’s TNEF Stream Reader – for winmail.dat files. The complete ASan output of the issue: # ytnefprint $FILE ==11998==AddressSanitizer CHECK failed: /tmp/portage/sys-libs/compiler-rt-sanitizers-4.0.0/work/compiler-rt-4.0.0.src/lib/sanitizer_common/sanitizer_common.cc:120 “((0 && “unable to mmap”)) != (0)” (0x0, 0x0) #0 0x4d95cf in __asan::AsanCheckFailed(char const*, int, … Continue reading
Posted in advisories, security
Leave a comment
ytnef: heap-based buffer overflow in SwapDWord (ytnef.c)
Description: ytnef is Yeraze’s TNEF Stream Reader – for winmail.dat files. The complete ASan output of the issue: # ytnefprint $FILE ==12532==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000014 at pc 0x7f8e3c35544e bp 0x7ffeb883d890 sp 0x7ffeb883d888 READ of size 1 at 0x602000000014 … Continue reading
Posted in advisories, security
Leave a comment
ytnef: heap-based-buffer overflow in SwapWord (ytnef.c)
Description: ytnef is Yeraze’s TNEF Stream Reader – for winmail.dat files. The complete ASan output of the issue: # ytnefprint $FILE ==22220==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000038 at pc 0x7ff75139d8eb bp 0x7ffeed684ad0 sp 0x7ffeed684ac8 READ of size 1 at 0x602000000038 … Continue reading
Posted in advisories, security
Leave a comment
ytnef: NULL pointer dereference in MAPIPrint (ytnef.c)
Description: ytnef is Yeraze’s TNEF Stream Reader – for winmail.dat files. The complete ASan output of the issue: # ytnefprint $FILE ==12467==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f59364c62b6 bp 0x7ffe1b8d4af0 sp 0x7ffe1b8d4278 T0) ==12467==The signal is caused by … Continue reading
Posted in advisories, security
1 Comment
ytnef: heap-based buffer overflow in PrintTNEF (ytnefprint/main.c)
Description: ytnef is Yeraze’s TNEF Stream Reader – for winmail.dat files. The complete ASan output of the issue: # ytnefprint $FILE ==11928==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000001031 at pc 0x00000049df8d bp 0x7ffd1e1feb20 sp 0x7ffd1e1fe2d0 READ of size 2 at 0x602000001031 … Continue reading
Posted in advisories, security
Leave a comment
qpdf: three infinite loop in libqpdf
Description: qpdf QPDF is a command-line program that does structural, content-preserving transformations on PDF files. I discovered three infinite loop. Upstream didn’t provide a feedback, so they might have the same root cause. # qpdf $FILE – ==8000==ERROR: AddressSanitizer: stack-overflow … Continue reading
Posted in advisories, security
Leave a comment
imageworsener: multiple vulnerabilities
Description: imageworsener is a utility for image scaling and processing. After have fuzzed the 1.3.0 release and have found something already documented in the previous posts, I re-tested the new release and the fuzzer turned up some issues. I don’t … Continue reading
Posted in advisories, security
Leave a comment
autotrace: multiple vulnerabilities (The autotrace nightmare)
Description: autotrace is a program for converting bitmaps to vector graphics. Time ago I tried to fuzz autotrace, but the first attempt resulted in a crash-by-default so I was unable to complete the task. See CVE-2016-7392 – autotrace: heap-based buffer … Continue reading
Posted in advisories, security
7 Comments
binutils: multiple crashes
Description: binutils are a collection of binary tools necessary to build programs. After the post on oss-security from Thuan Pham I was interested too into the fuzz of binutils to see what will happen…Here are the partial results (I didn’t … Continue reading
Posted in advisories, security
3 Comments