-
Recent Posts
Recent Comments
- strongcourage on Why I stopped fuzzing research
- Bob Friesenhahn on Why I stopped fuzzing research
- #gentoo dev: Why I stopped fuzzing research https://blogs.gentoo.or… | Dr. Roy Schestowitz (罗伊) on Why I stopped fuzzing research
- Ulya on Why I stopped fuzzing research
- ago on Install Gentoo in less than one minute
Archives
- July 2020
- April 2020
- March 2019
- October 2017
- September 2017
- August 2017
- July 2017
- June 2017
- May 2017
- April 2017
- March 2017
- February 2017
- January 2017
- December 2016
- November 2016
- October 2016
- September 2016
- August 2016
- July 2016
- February 2016
- July 2015
- August 2013
- June 2013
- May 2013
- January 2013
- December 2012
- November 2012
- October 2012
- August 2012
- July 2012
- June 2012
Categories
Meta
Monthly Archives: June 2017
xar: NULL pointer dereference in xar_get_path (util.c)
Description: xar is an easily extensible archive format. The complete ASan output of the issue: # xar -t -f $FILE ==5525==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f075cfb35f6 bp 0x7fff705167b0 sp 0x7fff70515f38 T0) ==5525==The signal is caused by a … Continue reading
Posted in advisories, security
Leave a comment
xar: NULL pointer dereference in xar_unserialize (archive.c)
Description: xar is an easily extensible archive format. The complete ASan output of the issue: # xar -t -f $FILE ==7615==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x7f71a859ebd6 bp 0x7fffd8ace150 sp 0x7fffd8acde80 T0) ==7615==The signal is caused by a … Continue reading
Posted in advisories, security
1 Comment
lame: two UBSAN crashes
Description: lame is a high quality MPEG Audio Layer III (MP3) encoder licensed under the LGPL. Few notes before the details of this bug. Time ago a fuzz was done by Brian Carpenter and Jakub Wilk which posted the results … Continue reading
Posted in advisories, security
Leave a comment
lame: multiple left shift
Description: lame is a high quality MPEG Audio Layer III (MP3) encoder licensed under the LGPL. Few notes before the details of this bug. Time ago a fuzz was done by Brian Carpenter and Jakub Wilk which posted the results … Continue reading
Posted in advisories, security
Leave a comment
lame: stack-based buffer overflow in III_dequantize_sample (layer3.c)
Description: lame is a high quality MPEG Audio Layer III (MP3) encoder licensed under the LGPL. Few notes before the details of this bug. Time ago a fuzz was done by Brian Carpenter and Jakub Wilk which posted the results … Continue reading
Posted in advisories, security
2 Comments
lame: stack-based buffer overflow in III_i_stereo (layer3.c)
Description: lame is a high quality MPEG Audio Layer III (MP3) encoder licensed under the LGPL. Few notes before the details of this bug. Time ago a fuzz was done by Brian Carpenter and Jakub Wilk which posted the results … Continue reading
Posted in advisories, security
6 Comments
lame: heap-based buffer overflow in fill_buffer_resample (util.c)
Description: lame is a high quality MPEG Audio Layer III (MP3) encoder licensed under the LGPL. Few notes before the details of this bug. Time ago a fuzz was done by Brian Carpenter and Jakub Wilk which posted the results … Continue reading
Posted in advisories, security
1 Comment
lame: global-buffer-overflow in III_i_stereo (layer3.c)
Description: lame is a high quality MPEG Audio Layer III (MP3) encoder licensed under the LGPL. Few notes before the details of this bug. Time ago a fuzz was done by Brian Carpenter and Jakub Wilk which posted the results … Continue reading
Posted in advisories, security
Leave a comment
lame: global-buffer-overflow in II_step_one (layer2.c)
Description: lame is a high quality MPEG Audio Layer III (MP3) encoder licensed under the LGPL. Few notes before the details of this bug. Time ago a fuzz was done by Brian Carpenter and Jakub Wilk which posted the results … Continue reading
Posted in advisories, security
2 Comments
lame: divide-by-zero in parse_wave_header (get_audio.c)
Description: lame is a high quality MPEG Audio Layer III (MP3) encoder licensed under the LGPL. Few notes before the details of this bug. Time ago a fuzz was done by Brian Carpenter and Jakub Wilk which posted the results … Continue reading
Posted in advisories, security
Leave a comment