oss-sec mailing list archives
Re: Re: Fuzzing jasper
From: Hanno Böck <hanno () hboeck de>
Date: Mon, 17 Oct 2016 01:02:45 +0200
Hi,

On Sun, 16 Oct 2016 10:23:43 +0000
Graham Christensen <graham () grahamc com> wrote:
> For what it is worth, Jasper has recently issued a release fixing many
> CVEs, and would likely appreciate these fuzzing results as bug reports
> on their github project: https://github.com/mdadams/jasper/
I tested the code again with afl (after the fixes for the stuff Agostino
reported) and it immediately found multiple issues:

https://github.com/mdadams/jasper/issues/28
Heap overflow in jpc_dec_cp_setfromcox()

https://github.com/mdadams/jasper/issues/29
Heap overflow in jpc_getuint16()

https://github.com/mdadams/jasper/issues/30
segfault / null pointer access in jpc_pi_destroy

https://github.com/mdadams/jasper/issues/31
double free on jpeg parsing

https://github.com/mdadams/jasper/issues/32
assert in jpc_dec_tiledecode()

This will need some work till it's fuzzing resistant.

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
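The issue list above names functions but not bug mechanics, so the following is an added example, not JasPer code and not a reconstruction of any of the linked issues. It shows the general pattern that makes a small byte reader of the getuint16() kind fail safely on truncated input (the unchecked read beside the checked one), a toy marker-segment parser built on it, and a deterministic truncate-and-flip mutation loop of the kind afl automates, which checks that the parser never claims to have read more bytes than were present. The segment layout, the sample bytes and every function name are assumptions for illustration.

```c
/*
 * Added example (not JasPer code): a bounds-checked big-endian 16-bit
 * reader, a toy marker-segment parser on top of it, and a small
 * deterministic mutation loop over a constructed input.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    const uint8_t *data;
    size_t len;   /* bytes available */
    size_t pos;   /* next byte to read; invariant: pos <= len */
} bytebuf_t;

/* Unchecked read: the shape a fuzzer flags as an out-of-bounds read
 * as soon as the input ends inside the two-byte field. */
static uint16_t getuint16_unchecked(bytebuf_t *b)
{
    uint16_t v = (uint16_t)((b->data[b->pos] << 8) | b->data[b->pos + 1]);
    b->pos += 2;
    return v;
}

/* Checked read: refuses instead of touching bytes beyond len. */
static int getuint16_checked(bytebuf_t *b, uint16_t *out)
{
    if (b->len - b->pos < 2)          /* no underflow: pos <= len */
        return -1;
    *out = (uint16_t)((b->data[b->pos] << 8) | b->data[b->pos + 1]);
    b->pos += 2;
    return 0;
}

/*
 * Toy segment layout (assumed for the example, loosely modelled on a
 * JPEG 2000 marker segment): marker(2) length(2) payload(length - 2).
 * Returns the payload length on success, -1 if the input is truncated
 * or the length field does not fit the bytes actually available.
 */
static int parse_segment(const uint8_t *data, size_t len, uint16_t *marker)
{
    bytebuf_t b = { data, len, 0 };
    uint16_t seglen;
    if (getuint16_checked(&b, marker) < 0) return -1;
    if (getuint16_checked(&b, &seglen) < 0) return -1;
    if (seglen < 2) return -1;                            /* must cover itself */
    if ((size_t)seglen - 2 > b.len - b.pos) return -1;    /* payload overruns input */
    return (int)(seglen - 2);
}

/* Constructed sample: marker 0xFF51, length 6, four payload bytes. */
static const uint8_t sample_segment[] = { 0xFF, 0x51, 0x00, 0x06, 0xAA, 0xBB, 0xCC, 0xDD };

/*
 * Deterministic mutation loop (hypothetical stand-in for a fuzzer run):
 * truncate the sample to a random length and flip one byte, then check
 * that whenever the parser accepts a mutant, the payload it reports fits
 * inside the bytes it was given. Returns the number of accepted mutants,
 * or -1 if the parser ever accepted more than it could have read.
 */
static int fuzz_segment_parser(unsigned iterations)
{
    uint32_t rng = 0x1234567u;               /* fixed seed: reproducible */
    uint8_t buf[sizeof sample_segment];
    int accepted = 0;
    for (unsigned i = 0; i < iterations; i++) {
        rng = rng * 1103515245u + 12345u;    /* LCG, no libc rand() state */
        size_t len = (rng >> 16) % (sizeof sample_segment + 1);
        memcpy(buf, sample_segment, sizeof sample_segment);
        rng = rng * 1103515245u + 12345u;
        if (len > 0) buf[(rng >> 16) % len] ^= (uint8_t)(rng >> 8);
        uint16_t marker;
        int payload = parse_segment(buf, len, &marker);
        if (payload >= 0) {
            if ((size_t)payload + 4 > len) return -1;   /* accepted more than present */
            accepted++;
        }
    }
    return accepted;
}

int main(void)
{
    bytebuf_t b = { sample_segment, sizeof sample_segment, 0 };
    uint16_t marker;
    printf("unchecked read on a full buffer: 0x%04X\n", getuint16_unchecked(&b));
    int payload = parse_segment(sample_segment, sizeof sample_segment, &marker);
    printf("marker 0x%04X payload %d bytes\n", marker, payload);
    printf("mutants accepted: %d\n", fuzz_segment_parser(10000));
    return 0;
}
```

The loop only observes the parser's return values; to catch the unchecked variant actually overrunning, build with `-fsanitize=address` (as one would for an afl run), since a two-byte overread from a stack or heap buffer rarely crashes on its own.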