author Nguyễn Gia Phong <cnx@loang.net> 2025-02-18 16:23:06 +0900
committer Nguyễn Gia Phong <cnx@loang.net> 2025-02-18 16:23:06 +0900
commit ea02e8430356976cd29d26c04616b172745e4bb7 (patch)
tree 9d066dfee0e4f1e376e3cab29abe77e4d0b252c1 /bugs
parent 67c968d8921157c981e868cf666d004933c4b79e (diff)
download loftix-ea02e8430356976cd29d26c04616b172745e4bb7.tar.gz
Move bug reproduction to separate README
Diffstat (limited to 'bugs')
-rw-r--r-- bugs/README.md 72
1 files changed, 72 insertions, 0 deletions
diff --git a/bugs/README.md b/bugs/README.md
new file mode 100644
index 0000000..74003aa
--- /dev/null
+++ b/bugs/README.md
@@ -0,0 +1,72 @@
+# Bug reproducers
+
+## binutils
+
+- CVE-2017-6965: [heap buffer overflow][sourceware-21137]
+
+      guix shell binutils@2.27
+      readelf -w bugs/cve/2017/6965/bug_3
+
+- CVE-2017-14745: [integer overflow][sourceware-22148]
+
+      guix shell binutils@2.29
+      objdump -d bugs/cve/2017/14745/crash_1
+
+- CVE-2017-15020: [heap buffer overflow][sourceware-22202]
+
+      guix shell binutils@2.29
+      nm -l bugs/cve/2017/15020/reproducer
+
+- CVE-2017-15025: [divide-by-zero][sourceware-22186]
+
+      guix shell binutils@2.29
+      nm -l bugs/cve/2017/15025/3899.crashes.bin
+      nm -l bugs/cve/2017/15025/floatexception.elf
+      objdump -S bugs/cve/2017/15025/floatexception.elf
+
+- CVE-2019-9077: [heap buffer overflow][sourceware-24243]
+
+      guix shell binutils@2.32
+      readelf -a bugs/cve/2019/9077/hbo2
+
+## JasPer
+
+- CVE-2016-9557: [signed integer overflow][jasper-d42b238]
+
+      guix shell jasper@1.900.19
+      imginfo -f bugs/cve/2016/9557/signed-int-overflow.jp2
+
+## libjpeg-turbo
+
+- CVE-2017-15232: [null pointer dereference][mozjpeg-268]
+
+      guix shell libjpeg-turbo@1.5.2
+      djpeg -crop "1x1+16+16" -onepass -dither ordered -dct float -colors 8\
+        -targa -grayscale -outfile o bugs/cve/2017/15232/1.jpg
+      djpeg -crop "1x1+16+16" -onepass -dither ordered -dct float -colors 8\
+        -targa -grayscale -outfile o bugs/cve/2017/15232/2.jpg
+
+## libxml2
+
+- CVE-2017-5969: [null pointer derefence][oss-sec-20161105-3]
+
+      guix shell libxml2@2.9.4
+      xmllint --recover bugs/cve/2017/5969/crash-libxml2-recover.xml
+
+## potrace
+
+- CVE-2013-7437: [possible heap overflow][redhat-955808]
+
+      guix shell potrace@1.11
+      potrace bugs/cve/2013/7437/1.bmp
+      potrace bugs/cve/2013/7437/2.bmp
+
+[jasper-d42b238]: https://blogs.gentoo.org/ago/2016/11/19/jasper-signed-integer-overflow-in-jas_image-c
+[mozjpeg-268]: https://github.com/mozilla/mozjpeg/issues/268
+[oss-sec-20161105-3]: https://www.openwall.com/lists/oss-security/2016/11/05/3
+[redhat-955808]: https://bugzilla.redhat.com/show_bug.cgi?id=955808
+[sourceware-21137]: https://sourceware.org/bugzilla/show_bug.cgi?id=21137
+[sourceware-22148]: https://sourceware.org/bugzilla/show_bug.cgi?id=22148
+[sourceware-22186]: https://sourceware.org/bugzilla/show_bug.cgi?id=22186
+[sourceware-22202]: https://sourceware.org/bugzilla/show_bug.cgi?id=22202
+[sourceware-24243]: https://sourceware.org/bugzilla/show_bug.cgi?id=24243
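Review bot: the libxml2 entry (`CVE-2017-5969: [null pointer derefence]`) misspells "dereference"; the libjpeg-turbo entry spells it correctly, so fix it before the file lands. Two smaller points on the same hunk: every reproducer is written as `guix shell PKG@VERSION` on one line and the triggering command on the next, which only works if the reader types the second line inside the shell that `guix shell` spawns; `guix shell binutils@2.27 -- readelf -w bugs/cve/2017/6965/bug_3` runs it in one step and can be pasted into a script. And since several entries are heap or integer overflows that do not necessarily crash an unsanitized binary, the README should say what the reader is expected to observe for each case (a crash, a sanitizer report, a hang) so a silent run is not mistaken for a non-reproduction. Style nit in the two `djpeg` invocations: put a space before the trailing `\` in `-colors 8\`; it works as written, but reads as if the backslash belonged to the argument.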