Category Archives: security

libarchive: bsdtar: heap-based buffer overflow in detect_form (archive_read_support_format_mtree.c)

Description: libarchive is a multi-format archive and compression library. After it got fuzzed by hanno and some other people (1 2 3), I decided to fuzz it too. A crafted file causes a heap overflow in the detect_form function in the …

Posted in advisories, security | Leave a comment

autotrace: heap-based buffer overflow in pstoedit_suffix_table_init (output-pstoedit.c)

Description: autotrace is a program for converting bitmaps to vector graphics. If compiled with Address Sanitizer, it shows that ANY bmp image causes an out-of-bounds write. The complete ASan output: # autotrace $FILE ==31756==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61700000ff20 at …


ettercap: etterlog: NULL pointer dereference in fingerprint_search (ec_fingerprint.c)

Description: ettercap is a comprehensive suite for man-in-the-middle attacks. Etterlog, which is part of the package, fails to read malformed data produced by the fuzzer and exposes a NULL pointer access. The complete ASan output: # …


libav: null pointer dereference in get_vlc2 (get_bits.h)

Description: Libav is an open source set of tools for audio and video processing. A crafted file causes a NULL pointer access. This issue was discovered last year, but I didn’t make the report and I didn’t follow the …


graphicsmagick: NULL pointer dereference in MagickStrlCpy (utility.c)

Description: Graphicsmagick is an Image Processing System. Fuzzing revealed a NULL pointer access in the TIFF parser. The complete ASan output: # gm identify $FILE ASAN:DEADLYSIGNAL ================================================================= ==19028==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fbd36dd6c3c bp 0x7ffe3c007090 sp …


ettercap: etterlog: multiple (three) heap-based buffer overflows (el_profiles.c)

Description: ettercap is a comprehensive suite for man-in-the-middle attacks. Etterlog, which is part of the package, fails to read malformed data produced by the fuzzer and then overflows. Since there are three issues, to make it …


potrace: memory allocation failure in bm_new (bitmap.h)

Description: potrace is a utility that transforms bitmaps into vector graphics. A crafted image, found through fuzz testing, causes the memory allocation to fail. ASan stack trace: # potrace $FILE ==19351==ERROR: AddressSanitizer failed to allocate 0x200003000 (8589946880) bytes of LargeMmapAllocator (error …


potrace: invalid memory access in findnext (decompose.c)

Description: potrace is a utility that transforms bitmaps into vector graphics. A crafted image, found through fuzz testing, revealed an invalid memory access. The complete ASan output: # potrace $FILE potrace: warning: 48.crashes: premature end of file …


graphicsmagick: two heap-based buffer overflows in ReadTIFFImage (tiff.c)

Description: Graphicsmagick is an Image Processing System. Fuzzing revealed two minor issues in the TIFF parser. Both issues come out from different lines in the tiff.c file, but the problem seems to come from the same origin. The complete ASan output: …


libav: stack-based buffer overflow in aac_sync (aac_parser.c)

Description: Libav is an open source set of tools for audio and video processing. A crafted file causes a stack-based buffer overflow. The ASan report may be confusing because it mentions get_bits, but the issue is in aac_sync. This issue …
