Category Archives: security

zziplib: NULL pointer dereference in prescan_entry (fseeko.c)

Description: zziplib is an intentionally lightweight library that offers the ability to easily extract data from files archived in a single zip file. The unzzipcat-seeko utility provided by the package, by default, without any crafted zip shows a NULL pointer … Continue reading

Posted in advisories, security | 1 Comment

zziplib: out of bounds read in zzip_mem_entry_new (memdisk.c)

Description: zziplib is an intentionally lightweight library that offers the ability to easily extract data from files archived in a single zip file. A fuzz on it discovered an out of bounds read. The complete ASan output: # unzzipcat-mem $FILE … Continue reading


zziplib: NULL pointer dereference in main (unzzipcat-mem.c)

Description: zziplib is an intentionally lightweight library that offers the ability to easily extract data from files archived in a single zip file. A fuzz on it discovered a NULL pointer access. The complete ASan output: # unzzipcat-mem $FILE … Continue reading


zziplib: invalid memory read in zzip_mem_entry_extra_block (memdisk.c)

Description: zziplib is an intentionally lightweight library that offers the ability to easily extract data from files archived in a single zip file. A fuzz on it discovered an invalid memory read. The complete ASan output: # unzzipcat-mem $FILE ==7950==ERROR: … Continue reading


zziplib: heap-based buffer overflow in zzip_mem_entry_extra_block (memdisk.c)

Description: zziplib is an intentionally lightweight library that offers the ability to easily extract data from files archived in a single zip file. A fuzz on it discovered a heap overflow. The complete ASan output: # unzzipcat-mem $FILE ==7970==ERROR: AddressSanitizer: … Continue reading


zziplib: heap-based buffer overflow in __zzip_get64 (fetch.c)

Description: zziplib is an intentionally lightweight library that offers the ability to easily extract data from files archived in a single zip file. A fuzz on it discovered a heap overflow. The complete ASan output: # unzzipcat-mem $FILE READ of … Continue reading


zziplib: heap-based buffer overflow in __zzip_get32 (fetch.c)

Description: zziplib is an intentionally lightweight library that offers the ability to easily extract data from files archived in a single zip file. A fuzz on it discovered a heap overflow. The complete ASan output: # unzzipcat-mem $FILE ==7574==ERROR: AddressSanitizer: … Continue reading


pax-utils: dumpelf: out of bounds read in dump_notes (dumpelf.c)

Description: pax-utils is a set of tools that check files for security relevant properties. A fuzz on dumpelf exposed an out of bounds read. It was reported to vapier, who fixed the issue immediately. Unfortunately I can’t get a symbolized ASan … Continue reading


pax-utils: dumpelf: two invalid memory read in dumpelf.c

Description: pax-utils is a set of tools that check files for security relevant properties. A fuzz on scanelf exposed two invalid memory reads. They were reported to vapier, who fixed the issue immediately. Unfortunately I can’t get a symbolized ASan … Continue reading


pax-utils: dumpelf: multiple divide-by-zero in dumpelf.c

Description: pax-utils is a set of tools that check files for security relevant properties. A fuzz on dumpelf shows multiple divide-by-zero. They were reported to vapier, who fixed the issues immediately. Unfortunately I can’t get the ASan stacktrace, so … Continue reading
