Category Archives: security

Description: mp3splt is a command line utility to split mp3 and ogg files without decoding. A fuzz on it discovered an invalid free. The complete ASan output: # mp3splt -P -f -t 0.1 -a $FILE ==2631==ERROR: AddressSanitizer: attempting free on … Continue reading →

Description: mp3splt is a command line utility to split mp3 and ogg files without decoding. A fuzz on it discovered a NULL pointer access. The complete ASan output: # mp3splt -P -f -t 0.1 -a $FILE ==3081==ERROR: AddressSanitizer: SEGV on … Continue reading →

Description: jasper is an open-source initiative to provide a free software-based reference implementation of the codec specified in the JPEG-2000 Part-1 standard. Another round of fuzzing shows that a crafted image causes a read overflow. The complete ASan output: # … Continue reading →

Description: jasper is an open-source initiative to provide a free software-based reference implementation of the codec specified in the JPEG-2000 Part-1 standard. Another round of fuzzing shows that a crafted image causes an invalid memory read. The complete ASan output: … Continue reading →

Description: jasper is an open-source initiative to provide a free software-based reference implementation of the codec specified in the JPEG-2000 Part-1 standard. Another round of fuzzing shows that a crafted image causes a NULL pointer access. The complete ASan output: … Continue reading →

Description: jasper is an open-source initiative to provide a free software-based reference implementation of the codec specified in the JPEG-2000 Part-1 standard. Another round of fuzzing shows that a crafted image causes an invalid memory read. The complete ASan output: … Continue reading →

Description: jasper is an open-source initiative to provide a free software-based reference implementation of the codec specified in the JPEG-2000 Part-1 standard. Another round of fuzzing shows that a crafted image causes an invalid memory read. The complete ASan output: … Continue reading →

Description: jasper is an open-source initiative to provide a free software-based reference implementation of the codec specified in the JPEG-2000 Part-1 standard. Another round of fuzzing shows that a crafted image causes an invalid memory write. The complete ASan output: … Continue reading →

Description: jasper is an open-source initiative to provide a free software-based reference implementation of the codec specified in the JPEG-2000 Part-1 standard. With the undefined behavior sanitizer enabled, jasper crashes showing some left shift and some signed integer overflow. Affected … Continue reading →

Description: Libtiff is a software that provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. A crafted tiff file revealed a NULL pointer access. The complete ASan output: # tiffinfo -Dijr $FILE … Continue reading →