Category Archives: security

potrace: multiple (three) NULL pointer dereference in bm_readbody_bmp (bitmap_io.c)

Description: potrace is a utility that transforms bitmaps into vector graphics. Crafted images (bmp) revealed, through fuzz testing, the presence of three NULL pointer accesses. The complete ASan output: ASAN:SIGSEGV ================================================================= ==13806==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 … Continue reading

Posted in advisories, security | Leave a comment

potrace: divide-by-zero in bm_new (bitmap.h)

Description: potrace is a utility that transforms bitmaps into vector graphics. A crafted image (bmp) revealed, through fuzz testing, the presence of a division by zero. The complete ASan output: # potrace $FILE.bmp ASAN:DEADLYSIGNAL ================================================================= ==25102==ERROR: AddressSanitizer: FPE on … Continue reading


potrace: multiple (six) heap-based buffer overflow in bm_readbody_bmp (bitmap_io.c)

Description: potrace is a utility that transforms bitmaps into vector graphics. Crafted images (bmp) revealed, through fuzz testing, the presence of SIX heap-based buffer overflows. To avoid making the post too long, I split the ASan output … Continue reading


WiRouterKeyRec: signed integer overflow in agpf_get_serial (agpf.c)

Description: WiRouterKeyRec is a recovery tool for WPA passphrases. A crafted AGPF config shows the presence of a signed integer overflow in agpf_check_agpf. The complete UBSan output: # WiRouterKeyRec –config crash.agpf -s Alice-48230959 WiRouter KeyRec 1.1.2 – (C) 2011 Salvatore … Continue reading


WiRouterKeyRec: signed shift in agpf_check_agpf (agpf.c)

Description: WiRouterKeyRec is a recovery tool for WPA passphrases. A crafted AGPF config shows the presence of a signed shift in agpf_check_agpf. The complete UBSan output: # WiRouterKeyRec –config crash.agpf -s Alice-48230959 WiRouter KeyRec 1.1.2 – (C) 2011 Salvatore Fresta … Continue reading


libav: heap-based buffer overflow in ff_audio_resample (resample.c)

Description: Libav is an open source set of tools for audio and video processing. A crafted file can cause an overflow in the heap. This bug was discovered last year, but I didn’t have time to do anything else. … Continue reading


WiRouterKeyRec: divide-by-zero in agpf_get_serial (agpf.c)

Description: WiRouterKeyRec is a recovery tool for WPA passphrases. A crafted AGPF config causes a divide-by-zero in agpf_get_serial. The complete ASan output: WiRouterKeyRec –config crash.agpf -s Alice-48230959 WiRouter KeyRec 1.1.2 – (C) 2011 Salvatore Fresta http://www.salvatorefresta.net ASAN:DEADLYSIGNAL ================================================================= ==27225==ERROR: AddressSanitizer: … Continue reading


logrotate: heap-based buffer overflow in readConfigFile (config.c)

Description: logrotate allows for the automatic rotation, compression, removal and mailing of log files. Logrotate can be set to handle a log file daily, weekly, monthly or when the log file gets to a certain size. A crafted config causes … Continue reading


syslog-ng: NULL pointer dereference in report_syntax_error (cfg-parser.c)

Description: syslog-ng is an enhanced log daemon, supporting a wide range of input and output methods: syslog, unstructured text, message queues, databases (SQL and NoSQL alike) and more. A crafted config crashes the process because of a NULL pointer access. … Continue reading


desktop-file-utils: desktop-file-validate: heap-based buffer overflow in validate.c

Description: desktop-file-utils is a command-line set of utilities to work with desktop menu entries. A fuzz against the desktop-file-utils binary revealed that there was a heap overflow. The complete ASan output: # desktop-file-validate crafted.desktop ================================================================= ==29796==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60300000e843 … Continue reading
