Category Archives: security

libav: invalid memory access in put_no_rnd_pixels8_xy2_mmx (rnd_template.c)

Description: Libav is an open source set of tools for audio and video processing. A fuzzing with an mp3 file as input discovered an invalid memory access in put_no_rnd_pixels8_xy2_mmx. The complete ASan output: # avconv -i $FILE -f null – … Continue reading

Posted in advisories, security | 4 Comments

graphicsmagick: memory allocation failure in MagickMalloc (memory.c)

Description: Graphicsmagick is an Image Processing System. After the first round of fuzzing where I discovered some slowness issues that make the fuzz hard, the second round revealed a memory allocation failure. The complete ASan output: # gm identify $FILE … Continue reading

Posted in advisories, security | Leave a comment

graphicsmagick: memory allocation failure in ReadPCXImage (pcx.c)

Description: Graphicsmagick is an Image Processing System. After the first round of fuzzing where I discovered some slowness issues that make the fuzz hard, the second round revealed a memory allocation failure. The complete ASan output: # gm identify $FILE … Continue reading

Posted in advisories, security | Leave a comment

graphicsmagick: stack-based buffer overflow in ReadSCTImage (sct.c)

Description: Graphicsmagick is an Image Processing System. After the first round of fuzzing where I discovered some slowness issues that make the fuzz hard, the second round revealed a stack-buffer-overflow. The complete ASan output: # gm identify $FILE ==23362==ERROR: AddressSanitizer: … Continue reading

Posted in advisories, security | Leave a comment

libarchive: bsdtar: stack-based buffer overflow in bsdtar_expand_char (util.c)

Description: libarchive is a multi-format archive and compression library. After it got fuzzed by hanno and some other people (1 2 3)I decided to fuzz it too. This bug comes out after 5 days of fuzzing and when AFL reports … Continue reading

Posted in advisories, security | Leave a comment

libarchive: bsdtar use-after-free in detect_form (archive_read_support_format_mtree.c)

Description: libarchive is a multi-format archive and compression library. After it got fuzzed by hanno and some other people (1 2 3)I decided to fuzz it too. A crafted file causes an use-after-free in the detect_form function in the mtree … Continue reading

Posted in advisories, security | Leave a comment

libarchive: bsdtar use-after-free in bid_entry (archive_read_support_format_mtree.c)

Description: libarchive is a multi-format archive and compression library. After it got fuzzed by hanno and some other people (1 2 3)I decided to fuzz it too. A crafted file causes an use-after-free in the bid_entry function in the mtree … Continue reading

Posted in advisories, security | Leave a comment

libarchive: bsdtar: heap-based buffer overflow in bid_entry (archive_read_support_format_mtree.c)

Description: libarchive is a multi-format archive and compression library. After it got fuzzed by hanno and some other people (1 2 3)I decided to fuzz it too. A crafted file causes an heap overflow in the bid_entry function in the … Continue reading

Posted in advisories, security | Leave a comment

libarchive: bsdtar: memory corruption/unknown-crash in bid_entry (archive_read_support_format_mtree.c)

Description: libarchive is a multi-format archive and compression library. After it got fuzzed by hanno and some other people (1 2 3)I decided to fuzz it too. A crafted file causes an heap overflow in the bid_entry function in the … Continue reading

Posted in advisories, security | Leave a comment

libarchive: bsdtar: heap-based buffer overflow in read_Header (archive_read_support_format_7zip.c)

Description: libarchive is a multi-format archive and compression library. After it got fuzzed by hanno and some other people (1 2 3)I decided to fuzz it too. A crafted file causes an heap overflow in the read_Header function in the … Continue reading

Posted in advisories, security | Leave a comment