Date: Sun, 16 Nov 2014 15:10:37 +0100
From: Hanno Böck <>
Subject: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less


I wanted to share a couple of issues I recently found via zzuf and afl
fuzzing. It's a telling story about the state of some of the free
software projects involved and I can only encourage others to join the
effort to find bugs via fuzzing. Some of them are really low hanging
I'm cc-ing cve-assigners, I leave it up to you to decide which you
assign CVEs. If you want / need more info on details please ask.

Multiple issues in PCX, DCM parser and generic issue in resize code
These already got CVEs:

Fork of Imagemagick, so some of the above also affect it, tests with
the same fuzzed sample set turned out one independent other issue:
Heap Overflow / oob read
One more issue with PNGs that turned out to be weird, it caused an
error message to overflow:

Checks done with the set of files that crashed binutils turned out one
Invalid read
american fuzzy lop found a couple more:
and more:

Invalid reads in import plugins for fli and tga.

claws-mail / gdk-pixbuf
Assert in gdk-pixbuf when trying to load a malformed file as an
animation. This was an accidental discovery when I clicked on a
malformed PNG I sent while reporting another issue (in graphicsmagick)
in my mail client (and it crashed with an assert).

out of bounds read when parsing JPG header

Actually I found this by running ndisasm on /dev/urandom - no joke!
Crash / oob read:

Out of bounds read, upstream doesn't answer and doesn't have a public
bug tracker. This wasn't really found by fuzzing but by running less on
a likely malwared gif, I reduced it to a smaller testcase:

Hanno Böck

