Category Archives: security

Description: imageworsener is a utility for image scaling and processing. After have fuzzed the 1.3.0 release and have found something already documented in the previous posts, I re-tested the new release and the fuzzer turned up some issues. I don’t … Continue reading →

Description: autotrace is a program for converting bitmaps to vector graphics. Time ago I tried to fuzz autotrace, but the first attempt resulted in a crash-by-default so I was unable to complete the task. See CVE-2016-7392 – autotrace: heap-based buffer … Continue reading →

Description: binutils are a collection of binary tools necessary to build programs. After the post on oss-security from Thuan Pham I was interested too into the fuzz of binutils to see what will happen…Here are the partial results (I didn’t … Continue reading →

Description: lrzip is a compression utility that excels at compressing large files. The complete ASan output of the issue: # lrzip -t $FILE ==4026==ERROR: AddressSanitizer: heap-use-after-free on address 0x62100000dd00 at pc 0x0000004bccc5 bp 0x7ffcf3b4d9f0 sp 0x7ffcf3b4d1a0 READ of size 1 … Continue reading →

Description: lrzip is a compression utility that excels at compressing large files. The complete ASan output of the issue: # lrzip -t $FILE ==25584==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000ef33 at pc 0x00000045246e bp 0x7ffd881d4970 sp 0x7ffd881d4120 WRITE of size 8 … Continue reading →

Description: lrzip is a compression utility that excels at compressing large files. The complete ASan output of the issue: # lrzip -t $FILE ==3311==ERROR: AddressSanitizer: SEGV on unknown address 0x602000010000 (pc 0x7f75cabe8834 bp 0x62100002c11f sp 0x7f7085ab4d78 T5) ==3311==The signal is … Continue reading →

Description: lrzip is a compression utility that excels at compressing large files. The complete ASan output of the issue: # lrzip -t $FILE ==1329==ERROR: AddressSanitizer: SEGV on unknown address 0x0000000002d0 (pc 0x7fa931ad7660 bp 0x7ffff4a30c30 sp 0x7ffff4a309f8 T0) ==1329==The signal is … Continue reading →

Description: lrzip is a compression utility that excels at compressing large files. The complete ASan output of the issue: # lrzip -t $FILE ==24966==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000005e7caa bp 0x7f7c755a58d0 sp 0x7f7c755a5870 T2) ==24966==The signal is … Continue reading →

Description: lrzip is a compression utility that excels at compressing large files. The complete ASan output of the issue: # lrzip -t $FILE Decompressing… ASAN:DEADLYSIGNAL ================================================================= ==8026==ERROR: AddressSanitizer: FPE on unknown address 0x0000005e7957 (pc 0x0000005e7957 bp 0x7fcdf9ba58d0 sp 0x7fcdf9ba5870 T1) … Continue reading →

Description: libarchive is a multi-format archive and compression library. In the 2016 I reported two heap-based buffer over-read to libarchive. They appear to have already been fixed in the trunk when I reported them; here are the details: # bsdtar … Continue reading →