From: Hanno Böck
Subject: [bug-unrtf] Further crashes / memory access violations in unrtf
Date: Mon, 22 Dec 2014 09:19:01 +0100

Hi,

I had these already reported in private to the unrtf developers. For
transparency I'll post these here so that there is a public reference
and archive of all issues.

With the help of fuzzing (american fuzzy lop and zzuf) I identified
various crashes in unrtf. Also with Address Sanitizer older versions of
unrtf already did invalid memory access even on valid inputs.

Attached are all fuzzing samples I sent to the unrtf devs.

Also there was a report on oss-security by Alexander Cherepanov that a
large number of brackets can also crash unrtf:

    printf "%0.s{" {1..100000} > test

All issues are fixed in unrtf 0.21.8.

cu,
-- 
Hanno Böck
http://hboeck.de/

mail/jabber: address@hidden
GPG: BBB51E42

unrtf-crasher-4.tar.xz
Description: application/xz
unrtf-crashes-3.tar.xz
Description: application/xz
unrtf-crashes-5.tar.xz
Description: application/xz
unrtf-crashes-new.tar.xz
Description: application/xz
pgpvGPMSnxgAO.pgp
Description: OpenPGP digital signature