Category Archives: security

Description: jasper is an open-source initiative to provide a free software-based reference implementation of the codec specified in the JPEG-2000 Part-1 standard. Another round of fuzzing on an updated version (1.900.5) revealed a NULL pointer access in jp2_colr_destroy The complete … Continue reading →

Description: imagemagick is a software suite to create, edit, compose, or convert bitmap images. A fuzzing with the upstream security policy enabled revealed a memory allocation failure. The complete ASan output: # identify $FILE ==14275==ERROR: AddressSanitizer failed to allocate 0x99ad49000 … Continue reading →

Description: jasper is an open-source initiative to provide a free software-based reference implementation of the codec specified in the JPEG-2000 Part-1 standard. A fuzzing revelaled a double-free in mem_close. Since jasper seems to be dead for years, I first posted … Continue reading →

Description: jasper is an open-source initiative to provide a free software-based reference implementation of the codec specified in the JPEG-2000 Part-1 standard. A fuzzing revelaled two divide-by-zero in jpc_dec_process_siz Since jasper seems to be dead for years, I first posted … Continue reading →

Description: jasper is an open-source initiative to provide a free software-based reference implementation of the codec specified in the JPEG-2000 Part-1 standard. A fuzzing revelaled two NULL pointer access in bmp_getdata. Since jasper seems to be dead for years, I … Continue reading →

Description: openSSL is an open source project that provides a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. A fuzz of nginx, discovered a stack overflow that resides in libcrypto. After … Continue reading →

Description: imagemagick is a software suite to create, edit, compose, or convert bitmap images. A fuzzing with the upstream security policy enabled revealed a memory allocate failure. The complete ASan output: # identify $FILE ==25084==WARNING: AddressSanitizer failed to allocate 0x46bf39483ac … Continue reading →

Description: imagemagick is a software suite to create, edit, compose, or convert bitmap images. A fuzzing with the upstream security policy enabled revealed a buffer overflow read. The complete ASan output: # identify $FILE ==13198==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61400000fbc0 … Continue reading →

Description: libdwarf is a library to consume and produce DWARF debug information. A fuzzing revealed an out bounds read, The complete ASan output: # dwarfdump $FILE ==22886==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61300000de1c at pc 0x000000462c7c bp 0x7ffe80a3d230 sp 0x7ffe80a3c9e0 READ … Continue reading →

Description: libdwarf is a library to consume and produce DWARF debug information. A fuzzing revealed an out bounds read, The complete ASan output: # dwarfdump $FILE ==24449==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6110000059ed at pc 0x000000606cd5 bp 0x7fff42bdc5f0 sp 0x7fff42bdc5e8 READ … Continue reading →