I have done some more fuzzing for exifprobe and found additional crashes. I used american fuzzy lop 2.39b for fuzzing and afl-utils for collecting the samples and maintaining the instances. You can find the crashers from http://bugs.fi/media/afl/exifprobe/
I can see with valgrind that some of the samples are leaking memory, and gdb exploitable tells that some of the issues cause stack corruption. If you need any more information, feel free to contact me.
I do not think that these cases need CVEs at the moment, but patches should be included in projects using exifprobe, e.g. Debian. I can restart fuzzing after you have fixed these issues. Do you, btw, have any kind of test automation system? If you do, these test cases could be minimized and added there to avoid any regressions.
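The last paragraph suggests turning the minimized crash samples into regression tests. The script below is an added example of such a harness, not code from the issue or from the exifprobe project: it replays every file in a sample directory against a target binary under a timeout, classifies each run as clean, crashed (process killed by a signal) or timed out, and returns the number of failing samples so a CI job can fail on the first regression. The target path, the sample directory and the 10-second limit are assumptions; coreutils `timeout` is assumed to be installed (it reports a signal-killed child as 128 plus the signal number).

```shell
#!/bin/sh
# Added example: crash-sample regression harness (not exifprobe's own test code).
# Usage: replay_dir /path/to/exifprobe /path/to/minimized-crashers
# Assumes coreutils `timeout`; exit code 124 = timed out, >128 = killed by signal.

# run_one TARGET SAMPLE
#   prints "ok", "crash:<signal>" or "timeout" on stdout
#   returns 0 for ok, 1 for a crash, 2 for a timeout
run_one() {
    target="$1"
    sample="$2"
    rc=0
    # Hypothetical invocation shape: target reads the sample path as its only argument.
    timeout 10 "$target" "$sample" >/dev/null 2>&1 || rc=$?
    if [ "$rc" -eq 124 ]; then
        echo timeout
        return 2
    fi
    if [ "$rc" -gt 128 ]; then
        # 128 + N means the process was terminated by signal N (e.g. 11 = SIGSEGV, 6 = SIGABRT)
        echo "crash:$((rc - 128))"
        return 1
    fi
    # Non-zero but < 128 is a normal error exit (unparseable input) and counts as clean here.
    echo ok
    return 0
}

# replay_dir TARGET DIR
#   replays every regular file in DIR, prints "<status><TAB><sample>" per file,
#   returns the number of samples that crashed or timed out (0 = no regressions)
replay_dir() {
    target="$1"
    dir="$2"
    failed=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(run_one "$target" "$f" || true)
        printf '%s\t%s\n' "$status" "$f"
        [ "$status" = ok ] || failed=$((failed + 1))
    done
    return "$failed"
}

# Stand-alone use: ./replay.sh TARGET DIR  (prints a summary and exits non-zero on any failure)
if [ "${1:-}" != "" ] && [ "${2:-}" != "" ]; then
    replay_dir "$1" "$2"
    exit $?
fi
```

Samples that only leak memory (the valgrind findings above) will pass this harness because the process still exits normally; a leak check needs a separate run under valgrind or an ASan build with leak detection, which is a different job than the crash replay shown here.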