-
Recent Posts
Recent Comments
- strongcourage on Why I stopped fuzzing research
- Bob Friesenhahn on Why I stopped fuzzing research
- #gentoo dev: Why I stopped fuzzing research https://blogs.gentoo.or… | Dr. Roy Schestowitz (罗伊) on Why I stopped fuzzing research
- Ulya on Why I stopped fuzzing research
- ago on Install Gentoo in less than one minute
Archives
- February 2025
- July 2020
- April 2020
- March 2019
- October 2017
- September 2017
- August 2017
- July 2017
- June 2017
- May 2017
- April 2017
- March 2017
- February 2017
- January 2017
- December 2016
- November 2016
- October 2016
- September 2016
- August 2016
- July 2016
- February 2016
- July 2015
- August 2013
- June 2013
- May 2013
- January 2013
- December 2012
- November 2012
- October 2012
- August 2012
- July 2012
- June 2012
Categories
Meta
Monthly Archives: August 2017
graphicsmagick: memory allocation failure in MagickRealloc (memory.c)
Description: graphicsmagick is a collection of tools and libraries for many image formats. The relevant ASan output of the issue: # gm convert -clip -negate $FILE out ==15168==End of process memory map. ==15168==AddressSanitizer CHECK failed: /var/tmp/portage/sys-libs/compiler-rt-sanitizers-4.0.1/work/compiler-rt-4.0.1.src/lib/sanitizer_common/sanitizer_common.cc:120 “((0 && “unable to … Continue reading
Posted in advisories, security
Leave a comment
openjpeg: stack-based buffer overflow write in pgxtoimage (convert.c)
Description: openjpeg is an open-source JPEG 2000 library. The complete ASan output of the issue: # opj_compress -n 1 -i $FILE -o null.j2k ==159529==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fde59900160 at pc 0x000000450bef bp 0x7ffe7641f3c0 sp 0x7ffe7641eb70 WRITE of size 36 … Continue reading
Posted in advisories, security
2 Comments
openjpeg: invalid memory write in tgatoimage (convert.c)
Description: openjpeg is an open-source JPEG 2000 library. The complete ASan output of the issue: # opj_compress -r 20,10,1 -jpip -EPH -SOP -cinema2K 24 -n 1 -i $FILE -o null.j2k ASAN:DEADLYSIGNAL ================================================================= ==13239==ERROR: AddressSanitizer: SEGV on unknown address 0x7f4f2e9b4800 (pc … Continue reading
Posted in advisories, security
Leave a comment
openjpeg: heap-based buffer overflow in opj_t2_encode_packet (t2.c)
Description: openjpeg is an open-source JPEG 2000 library. The complete ASan output of the issue: # opj_compress -r 20,10,1 -jpip -EPH -SOP -cinema2K 24 -n 1 -i $FILE -o null.j2k TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in … Continue reading
Posted in advisories, security
3 Comments
sys-kernel/grsecurity-sources available!
Is known that the grsecurity project since few weeks made available the grsecurity patches only for their customers. In the meantime some people made their fork of the latest publicly available patches. At Gentoo, for some reasons (which I respect) … Continue reading
Posted in gentoo, security
10 Comments
openjpeg: heap-based buffer overflow in opj_write_bytes_LE (cio.c)
Description: openjpeg is an open-source JPEG 2000 library. The complete ASan output of the issue: # opj_compress -I -cinema4K -n 1 -i $FILE -o null.jp2 ==133214==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61100000012b at pc 0x7f221efde81a bp 0x7ffd4c1d9ad0 sp 0x7ffd4c1d9ac8 WRITE of … Continue reading
Posted in advisories, security
1 Comment
openjpeg: heap-based buffer overflow in opj_mqc_flush (mqc.c)
Description: openjpeg is an open-source JPEG 2000 library. The complete ASan output of the issue: # opj_compress -n 1 -i $FILE -o null.j2c ==81142==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000000b6 at pc 0x7fc39ca4a189 bp 0x7fff91c10aa0 sp 0x7fff91c10a98 WRITE of size 1 … Continue reading
Posted in advisories, security
1 Comment
openjpeg: memory allocation failure in opj_aligned_alloc_n (opj_malloc.c)
Description: openjpeg is an open-source JPEG 2000 library. The complete ASan output of the issue: # opj_compress -n 1 -i $FILE -o null.j2c ==78690==ERROR: AddressSanitizer failed to allocate 0x5ea7983000 (406538694656) bytes of LargeMmapAllocator (error code: 12) ==78690==Process memory map follows: … Continue reading
Posted in advisories, security
1 Comment
imagemagick: heap-based buffer overflow in .omp_outlined..32 (enhance.c)
Description: imagemagick is a software suite to create, edit, compose, or convert bitmap images. The complete ASan output of the issue: # convert $FILE null ==109188==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000049f8 at pc 0x7f81ecd9b4c2 bp 0x7ffe3c52f850 sp 0x7ffe3c52f848 READ of … Continue reading
Posted in advisories, security
1 Comment
imagemagick: use-after-free in DestroyImage (image.c)
Description: imagemagick is a software suite to create, edit, compose, or convert bitmap images. The complete ASan output of the issue: # convert $FILE null ==151587==ERROR: AddressSanitizer: heap-use-after-free on address 0x627000037d50 at pc 0x7f4697f94380 bp 0x7ffd1011d370 sp 0x7ffd1011d368 READ of … Continue reading
Posted in advisories, security
Leave a comment