Monthly Archives: September 2017
binutils: heap-based buffer overflow in read_1_byte (dwarf2.c)
Description: binutils is a set of tools necessary to build programs. The complete ASan output of the issue: # nm -A -a -l -S -s --special-syms --synthetic --with-symbol-versions -D $FILE ==3235==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x613000000512 at pc 0x7f7c93ae3c88 bp … Continue reading
Posted in advisories, security
1 Comment
binutils: NULL pointer dereference in scan_unit_for_symbols (dwarf2.c)
Description: binutils is a set of tools necessary to build programs. The complete ASan output of the issue: # nm -A -a -l -S -s --special-syms --synthetic --with-symbol-versions -D $FILE ==491==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f6e3316d573 bp … Continue reading
Posted in advisories, security
binutils: memory allocation failure in _bfd_elf_slurp_version_tables (elf.c)
Description: binutils is a set of tools necessary to build programs. This issue was initially discovered because the nm process ate ~230GB of RAM. Later on, another testcase hits the issue and now I have a stack trace. The relevant ASan … Continue reading
Posted in advisories, security
binutils: heap-based buffer overflow in _bfd_x86_elf_get_synthetic_symtab (elfxx-x86.c)
Description: binutils is a set of tools necessary to build programs. The complete ASan output of the issue: # nm -A -a -l -S -s --special-syms --synthetic --with-symbol-versions -D $FILE ==40547==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61a000000574 at pc 0x0000004c1ca8 bp … Continue reading
Posted in advisories, security
1 Comment
graphicsmagick: assertion failure in pixel_cache.c
Description: graphicsmagick is a collection of tools and libraries for many image formats. The complete output of the issue: # gm convert $FILE null gm: magick/pixel_cache.c:1089: const PixelPacket AcquireImagePixels(const Image , const long, const long, const unsigned long, const unsigned … Continue reading
Posted in advisories, security
bladeenc: global buffer overflow in iteration_loop (loop.c)
Description: bladeenc is an mp3 encoder. There is a write overflow by default without a crafted file in the bladeenc command-line tool. The upstream website does not work anymore for me. The complete ASan output of the issue: # bladeenc … Continue reading
Posted in advisories, security
bento4: stack-based buffer underflow in AP4_VisualSampleEntry::ReadFields (Ap4SampleEntry.cpp)
Description: bento4 is a fast, modern, open source C++ toolkit for all your MP4 and MPEG DASH media format needs. The complete ASan output of the issue: # mp42aac $FILE out.aac ==4435==ERROR: AddressSanitizer: stack-buffer-underflow on address 0x7fe62b800e86 at pc 0x00000057b5a3 … Continue reading
Posted in advisories, security
bento4: stack-based buffer overflow in AP4_VisualSampleEntry::ReadFields (Ap4SampleEntry.cpp)
Description: bento4 is a fast, modern, open source C++ toolkit for all your MP4 and MPEG DASH media format needs. The complete ASan output of the issue: # mp42aac $FILE out.aac ==9052==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fc5ce900866 at pc 0x00000057b5a3 … Continue reading
Posted in advisories, security
bento4: heap-based buffer overflow in AP4_DataBuffer::SetData (Ap4DataBuffer.cpp)
Description: bento4 is a fast, modern, open source C++ toolkit for all your MP4 and MPEG DASH media format needs. The complete ASan output of the issue: # mp42aac $FILE out.aac ==20986==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x606000000174 at pc 0x0000004ee515 … Continue reading
Posted in advisories, security
bento4: heap-based buffer overflow in AP4_BytesToUInt32BE (Ap4Utils.h)
Description: bento4 is a fast, modern, open source C++ toolkit for all your MP4 and MPEG DASH media format needs. The complete ASan output of the issue: # mp42aac $FILE out.aac ==1966==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x617000000324 at pc 0x000000690d51 … Continue reading
Posted in advisories, security
1 Comment