CVE-2018-16336: AddressSanitizer: 2 heap-buffer-overflow problems (Exiv2::Internal::PngChunk::parseTXTChunk() && bool __gnu_cxx::__ops::_Iter_equals_val<char const>::operator()<unsigned char*>(unsigned char*)) #400
Comments
Thanks for your reports! I'll fix these today after work. Just out of curiosity, have you published mem-AFL? And how does it compare to vanilla-AFL?

Hi, we haven't published mem-AFL yet, but we will publish its source code after our paper is published. The details of the comparison will be discussed in our paper.

Cool, could you guys drop me an email once everything is published? (You can find my email in the commit log.) Do you plan to fuzz exiv2 further? If yes, I could give you some hints on what to test further.

Yes, we will send you an email once everything is done. We plan to fuzz exiv2 further and we look forward to receiving your hints. We could communicate by email.
This function was creating a lot of new pointers and strings properly checking the array bounds. This fixes Exiv2#400
Fix issue #400 (overreads in PngChunk::parseTXTChunk())
The following bugs were found with mem-AFL, which is based on AFL. Mem-AFL is developed by Yanhao (unfuzzable123@gmail.com) & Marsman1996 (lqliuyuwei@outlook.com).
Both were tested on Ubuntu 16.04, 64-bit, Exiv2 (master ce516ed && v0.26).

$ exiv2 $POC

POC1
https://github.com/Marsman1996/pocs/blob/master/exiv2/CVE-2018-16336/poc1-heapoverflow

POC2
https://github.com/Marsman1996/pocs/blob/master/exiv2/CVE-2018-16336/poc2-heapoverflow
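As an added illustration of the overread class reported here (not Exiv2's own code, and not a reproduction of the PoC files), the C++ below parses a PNG tEXt chunk with both checks a bounds-safe reader needs: the declared chunk length is validated against the bytes actually present, and the search for the keyword's NUL terminator is bounded by the chunk size instead of running past it. Function names and the sample chunks are assumptions constructed for this example.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>

// Keyword/text pair split out of a PNG tEXt chunk payload.
struct TextChunk { std::string keyword; std::string text; };

// Split a tEXt payload ("keyword\0text") without ever reading past `size`.
// A keyword that is never NUL-terminated inside the chunk is rejected instead
// of being searched past the end of the buffer (the overread class reported above).
bool parseTextPayload(const uint8_t* data, size_t size, TextChunk& out) {
    if (data == nullptr || size == 0) return false;
    const uint8_t* end = data + size;
    const uint8_t* nul = std::find(data, end, static_cast<uint8_t>(0));
    if (nul == end) return false;                 // no terminator inside the chunk
    size_t keyLen = static_cast<size_t>(nul - data);
    if (keyLen == 0 || keyLen > 79) return false; // PNG keywords are 1..79 bytes
    out.keyword.assign(reinterpret_cast<const char*>(data), keyLen);
    out.text.assign(reinterpret_cast<const char*>(nul + 1), static_cast<size_t>(end - nul - 1));
    return true;
}

// Big-endian 32-bit chunk length, as stored in PNG.
static uint32_t be32(const uint8_t* p) {
    return (uint32_t(p[0]) << 24) | (uint32_t(p[1]) << 16) | (uint32_t(p[2]) << 8) | p[3];
}

// Parse the tEXt chunk starting at `offset`: the declared length is checked
// against the bytes actually present before any chunk data is touched.
// The CRC is not verified here (hypothetical helper, not Exiv2's own code).
bool parseTextChunkAt(const std::vector<uint8_t>& buf, size_t offset, TextChunk& out) {
    if (offset > buf.size() || buf.size() - offset < 8) return false; // need length + type
    const uint8_t* p = buf.data() + offset;
    uint32_t len = be32(p);
    if (std::memcmp(p + 4, "tEXt", 4) != 0) return false;
    size_t remaining = buf.size() - offset - 8;
    if (len > remaining || remaining - len < 4) return false;          // data + CRC must fit
    return parseTextPayload(p + 8, len, out);
}

// Constructed sample chunks (not the issue's PoC files): one well-formed,
// one whose keyword has no terminator, one whose length overstates its data.
std::vector<uint8_t> sampleGood()  { return {0,0,0,13, 't','E','X','t', 'C','o','m','m','e','n','t',0, 'h','e','l','l','o', 0,0,0,0}; }
std::vector<uint8_t> sampleNoNul() { return {0,0,0,7, 't','E','X','t', 'C','o','m','m','e','n','t', 0,0,0,0}; }
std::vector<uint8_t> sampleShort() { return {0,0,0,100, 't','E','X','t', 'C','o','m','m','e','n','t',0, 0,0,0,0}; }
```

Under AddressSanitizer, feeding the two malformed samples to this parser produces a clean `false` rather than a heap-buffer-overflow report, which is the behaviour a fuzz harness for the chunk reader should expect.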