[bug-unrtf] Further crashes / memory access violations in unrtf


From: Hanno Böck
Subject: [bug-unrtf] Further crashes / memory access violations in unrtf
Date: Mon, 22 Dec 2014 09:19:01 +0100

Hi,

I had already reported these in private to the unrtf developers. For
transparency I'll post these here so that there is a public reference
and archive of all issues.

With the help of fuzzing (american fuzzy lop and zzuf) I identified
various crashes in unrtf. Also, with Address Sanitizer, older versions of
unrtf already did invalid memory accesses even on valid inputs.

Attached are all fuzzing samples I sent to the unrtf devs. Also there
was a report on oss-security by Alexander Cherepanov that a large number
of brackets can also crash unrtf:
printf "%0.s{" {1..100000} > test

All issues are fixed in unrtf 0.21.8.


cu,
-- 
Hanno Böck
http://hboeck.de/

mail/jabber: address@hidden
GPG: BBB51E42

Attachment: unrtf-crasher-4.tar.xz
Description: application/xz

Attachment: unrtf-crashes-3.tar.xz
Description: application/xz

Attachment: unrtf-crashes-5.tar.xz
Description: application/xz

Attachment: unrtf-crashes-new.tar.xz
Description: application/xz

Attachment: pgpvGPMSnxgAO.pgp
Description: OpenPGP digital signature
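
An added example, not part of the original message and not unrtf code: a pre-filter that bounds RTF group nesting before a file reaches a converter, covering the many-brackets case mentioned in the message. The function names and the limit of 1000 are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define RTF_MAX_DEPTH 1000  /* assumed limit; tune for your documents */

/* Scan buf iteratively (constant stack use) and return the deepest
 * level of open '{' groups, or -1 if a '}' has no matching '{'.
 * A backslash escapes the next byte, so \{ \} and \\ are skipped.
 * Simplification: \binN raw data is not special-cased. */
long rtf_max_group_depth(const char *buf, size_t len)
{
    long depth = 0, max = 0;
    for (size_t i = 0; i < len; i++) {
        if (buf[i] == '\\') {
            i++;                        /* skip the escaped byte */
        } else if (buf[i] == '{') {
            if (++depth > max)
                max = depth;
        } else if (buf[i] == '}') {
            if (--depth < 0)
                return -1;
        }
    }
    return max;
}

/* 1 = hand the input to the converter, 0 = reject it. */
int rtf_depth_ok(const char *buf, size_t len)
{
    long d = rtf_max_group_depth(buf, len);
    return d >= 0 && d <= RTF_MAX_DEPTH;
}

/* Constructed sample: n opening braces, the same shape as the output
 * of the printf one-liner. Returns the measured depth, -2 on OOM. */
long depth_of_open_braces(size_t n)
{
    char *buf = malloc(n ? n : 1);
    if (!buf)
        return -2;
    memset(buf, '{', n);
    long d = rtf_max_group_depth(buf, n);
    free(buf);
    return d;
}

int main(void)
{
    return depth_of_open_braces(100000) == 100000 ? 0 : 1;
}
```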
