authorNguyễn Gia Phong <cnx@loang.net>2025-10-24 22:03:39 +0900
committerNguyễn Gia Phong <cnx@loang.net>2025-10-24 22:03:39 +0900
commitda4d3b9ca599f083e34d935a7f0a6d07c39b00a1 (patch)
tree3d52506f991ad5e144e548b7c164cb21255e9ccb /bugs
parentda486ecec3c2b41f75cf5ff952cf92da5bee097e (diff)
Add some bug reproducers for ZZIPlib
Diffstat (limited to 'bugs')
-rw-r--r--bugs/README.md50
-rw-r--r--bugs/cve/2017/5974/heap-overflow.zipbin0 -> 161 bytes
-rw-r--r--bugs/cve/2017/5975/heap-overflow.zipbin0 -> 151 bytes
-rw-r--r--bugs/cve/2017/5976/heap-overflow.zipbin0 -> 188 bytes
-rw-r--r--bugs/cve/2017/5977/invalid-read.zipbin0 -> 163 bytes
-rw-r--r--bugs/cve/2017/5978/oob-read.zipbin0 -> 161 bytes
-rw-r--r--bugs/cve/2017/5979/null-deref.zipbin0 -> 155 bytes
-rw-r--r--bugs/cve/2017/5980/null-deref.zipbin0 -> 155 bytes
-rw-r--r--bugs/cve/2017/5981/fail-assert.zipbin0 -> 157 bytes
9 files changed, 50 insertions, 0 deletions
diff --git a/bugs/README.md b/bugs/README.md
index e2adcab..7da7b20 100644
--- a/bugs/README.md
+++ b/bugs/README.md
@@ -283,6 +283,56 @@
       potrace cve/2013/7437/1.bmp
       potrace cve/2013/7437/2.bmp
 
+## ZZIPlib
+
+- CVE-2017-5974: [heap buffer overflow][ago-2017-5974]
+
+      guix shell zziplib-with-asan@0.13.62
+      unzzipcat-mem cve/2017/5974/heap-overflow.zip
+
+- CVE-2017-5975: [heap buffer overflow][ago-2017-5975]
+
+      guix shell zziplib-with-asan@0.13.62
+      unzzipcat-mem cve/2017/5975/heap-overflow.zip
+
+- CVE-2017-5976: [heap buffer overflow][ago-2017-5976]
+
+      guix shell zziplib-with-asan@0.13.62
+      unzzipcat-mem cve/2017/5976/heap-overflow.zip
+
+- CVE-2017-5977: [invalid memory read][ago-2017-5977]
+
+      guix shell zziplib-with-asan@0.13.62
+      unzzipcat-mem cve/2017/5977/invalid-read.zip
+
+- CVE-2017-5978: [out-of-bound read][ago-2017-5978]
+
+      guix shell zziplib@0.13.62
+      unzzipcat-mem cve/2017/5978/oob-read.zip
+
+- CVE-2017-5979: [null pointer derefence][ago-2017-5979]
+
+      guix shell zziplib-with-asan@0.13.62
+      unzzipcat-seeko cve/2017/5979/null-deref.zip
+
+- CVE-2017-5980: [null pointer derefence][ago-2017-5980]
+
+      guix shell zziplib@0.13.62
+      unzzipcat-mem cve/2017/5980/null-deref.zip
+
+- CVE-2017-5981: [null pointer derefence][ago-2017-5981]
+
+      guix shell zziplib@0.13.62
+      unzzipcat-seeko cve/2017/5981/fail-assert.zip
+
+[ago-2017-5974]: https://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-__zzip_get32-fetch-c
+[ago-2017-5975]: https://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-__zzip_get64-fetch-c
+[ago-2017-5976]: https://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-zzip_mem_entry_extra_block-memdisk-c
+[ago-2017-5977]: https://blogs.gentoo.org/ago/2017/02/09/zziplib-invalid-memory-read-in-zzip_mem_entry_extra_block-memdisk-c
+[ago-2017-5978]: https://blogs.gentoo.org/ago/2017/02/09/zziplib-out-of-bounds-read-in-zzip_mem_entry_new-memdisk-c
+[ago-2017-5979]: https://blogs.gentoo.org/ago/2017/02/09/zziplib-null-pointer-dereference-in-prescan_entry-fseeko-c/https://blogs.gentoo.org/ago/2017/02/09/zziplib-null-pointer-dereference-in-prescan_entry-fseeko-c
+[ago-2017-5980]: https://blogs.gentoo.org/ago/2017/02/09/zziplib-null-pointer-dereference-in-zzip_mem_entry_new-memdisk-c
+[ago-2017-5981]: https://blogs.gentoo.org/ago/2017/02/09/zziplib-assertion-failure-in-seeko-c
 [chromium-40058947]: https://issues.chromium.org/issues/40058947
 [chromium-40076524]: https://issues.chromium.org/issues/40076524
 [chromium-42452152]: https://project-zero.issues.chromium.org/issues/42452152
diff --git a/bugs/cve/2017/5974/heap-overflow.zip b/bugs/cve/2017/5974/heap-overflow.zip
new file mode 100644
index 0000000..d55ee15
--- /dev/null
+++ b/bugs/cve/2017/5974/heap-overflow.zip
Binary files differ
diff --git a/bugs/cve/2017/5975/heap-overflow.zip b/bugs/cve/2017/5975/heap-overflow.zip
new file mode 100644
index 0000000..1d641dd
--- /dev/null
+++ b/bugs/cve/2017/5975/heap-overflow.zip
Binary files differ
diff --git a/bugs/cve/2017/5976/heap-overflow.zip b/bugs/cve/2017/5976/heap-overflow.zip
new file mode 100644
index 0000000..cbb3899
--- /dev/null
+++ b/bugs/cve/2017/5976/heap-overflow.zip
Binary files differ
diff --git a/bugs/cve/2017/5977/invalid-read.zip b/bugs/cve/2017/5977/invalid-read.zip
new file mode 100644
index 0000000..803ddac
--- /dev/null
+++ b/bugs/cve/2017/5977/invalid-read.zip
Binary files differ
diff --git a/bugs/cve/2017/5978/oob-read.zip b/bugs/cve/2017/5978/oob-read.zip
new file mode 100644
index 0000000..79a1ca2
--- /dev/null
+++ b/bugs/cve/2017/5978/oob-read.zip
Binary files differ
diff --git a/bugs/cve/2017/5979/null-deref.zip b/bugs/cve/2017/5979/null-deref.zip
new file mode 100644
index 0000000..41b4ba4
--- /dev/null
+++ b/bugs/cve/2017/5979/null-deref.zip
Binary files differ
diff --git a/bugs/cve/2017/5980/null-deref.zip b/bugs/cve/2017/5980/null-deref.zip
new file mode 100644
index 0000000..1b8d2ab
--- /dev/null
+++ b/bugs/cve/2017/5980/null-deref.zip
Binary files differ
diff --git a/bugs/cve/2017/5981/fail-assert.zip b/bugs/cve/2017/5981/fail-assert.zip
new file mode 100644
index 0000000..e2e26c6
--- /dev/null
+++ b/bugs/cve/2017/5981/fail-assert.zip
Binary files differ