Monday, March 23, 2015

mozjpeg findings update

Closed
20150323:  mozjpeg: b6029d31 SIGFPE on specially crafted jpeg https://github.com/mozilla/mozjpeg/issues/153

Saturday, March 14, 2015

libicns

Findings

010db139 -- SEGV #1 icns_read_be (size=2, inp=0x661000, outp=<synthetic pointer>) at icns_io.c:51
3454826d -- SEGV #1 icns_read_le (size=2, inp=<optimized out>, outp=<synthetic pointer>) at icns_io.c:101

Reported to maintainer Mathew Eis  March 14, 2015, 9:43 p.m.

Sunday, March 8, 2015

Fuzzing Update

freeXL:
Re: 9f74b0e8, c9be2aa7, d7273f72, 6889d18b
Closed with patch.
https://www.gaia-gis.it/fossil/freexl/fdiff?v1=2e167b337481dda3&v2=61618ce51a9b0c15&sbs=1

html2text:
Re: 8afd955e [Crash, SEGV ] malloc in Area.C:223
Response received from vendor, wontfix.

exifprobe:
Re: 3a41cb1c, 6bb4db60
Closed with patch. 3a41cb1c resolved in this patch. 6bb4db60 resolved in this patch.
Re: ab50ccf7
Closed in latest git checkout. Asking vendor for patch details.

fig2xsd:
Re: 485f75d6, bd644d4d
Closed with vendor release of 0.22
http://prdownloads.sourceforge.net/fig2sxd/fig2sxd_0.22.orig.tar.gz?download

gif2png:
Re: 0cd10b14
Vendor working on fix.

hp2xx:
Submitted new 0ad69d36, 24dfd181, 27eac1b7, 2b9f1f19, 3503093d, 3a5b6ff4, 3b2a6ca6, 40dd99c6, 42e898d9, 4fa145b4, 5570ae2a, 57dc6ada, 7c503fc7, 7d580ece, 87aebb39, 8d2e9b05, 9071d6d8, 91fe0b08, 92cee751, 99f38038, a921cb74, b1ee740e, b3445f4e, b6bd0cc0, b9eff3a0, bbb8391b, c3e9eae3, c7f0611a, cb3d04f9, d34f9134, d6ce68b4, dccd6129, ea388b76, f2315602, f7cede9e  on 3/8/2015

giftrans:
Submitted new a4ac94f0 to Debian QA team on 3/8/2015, Debian bug ID 780079;