| -rw-r--r-- | README.md | 80 | ||||
| -rw-r--r-- | REUSE.toml | 2 | ||||
| -rw-r--r-- | bugs/README.md | 72 |
3 files changed, 73 insertions, 81 deletions
diff --git a/README.md b/README.md
index 1ebc5dc..f6ec15e 100644
--- a/README.md
+++ b/README.md
@@ -36,77 +36,6 @@ Then run `guix pull`.
 - [python-pacfix]: PAC-learning-based program synthesizer
 - [taosc]: Makeshift binary patch generator
 
-## Bugs
-
-### CVE-2013-7437
-
-[potrace: possible heap overflow][redhat-955808]
-
- guix shell potrace@1.11
- potrace bugs/cve/2013/7437/1.bmp
- potrace bugs/cve/2013/7437/2.bmp
-
-### CVE-2016-9557
-
-[JasPer: signed integer overflow][jasper-d42b238]
-
- guix shell jasper@1.900.19
- imginfo -f bugs/cve/2016/9557/signed-int-overflow.jp2
-
-### CVE-2017-5969
-
-[libxml2: null pointer derefence][oss-sec-20161105-3]
-
- guix shell libxml2@2.9.4
- xmllint --recover bugs/cve/2017/5969/crash-libxml2-recover.xml
-
-### CVE-2017-6965
-
-[binutils: heap buffer overflow][sourceware-21137]
-
- guix shell binutils@2.27
- readelf -w bugs/cve/2017/6965/bug_3
-
-### CVE-2017-14745
-
-[binutils: integer overflow][sourceware-22148]
-
- guix shell binutils@2.29
- objdump -d bugs/cve/2017/14745/crash_1
-
-### CVE-2017-15020
-
-[binutils: heap buffer overflow][sourceware-22202]
-
- guix shell binutils@2.29
- nm -l bugs/cve/2017/15020/reproducer
-
-### CVE-2017-15025
-
-[binutils: divide-by-zero][sourceware-22186]
-
- guix shell binutils@2.29
- nm -l bugs/cve/2017/15025/3899.crashes.bin
- nm -l bugs/cve/2017/15025/floatexception.elf
- objdump -S bugs/cve/2017/15025/floatexception.elf
-
-### CVE-2017-15232
-
-[libjpeg-turbo: NULL pointer dereference][mozjpeg-268]
-
- guix shell libjpeg-turbo@1.5.2
- djpeg -crop "1x1+16+16" -onepass -dither ordered -dct float -colors 8\
- -targa -grayscale -outfile o bugs/cve/2017/15232/1.jpg
- djpeg -crop "1x1+16+16" -onepass -dither ordered -dct float -colors 8\
- -targa -grayscale -outfile o bugs/cve/2017/15232/2.jpg
-
-### CVE-2019-9077
-
-[binutils: heap buffer overflow][sourceware-24243]
-
- guix shell binutils@2.32
- readelf -a bugs/cve/2019/9077/hbo2
-
 [Guix channel]: https://guix.gnu.org/manual/devel/en/html_node/Channels.html
 [AFLRun]: https://trong.loang.net/~cnx/afl++/log?h=run
 [AFL++]: https://github.com/AFLplusplus/AFLplusplus
@@ -114,12 +43,3 @@ Then run `guix pull`.
 [e9patch]: https://github.com/GJDuck/e9patch
 [python-pacfix]: https://github.com/hsh814/pacfix-python
 [taosc]: https://trong.loang.net/~cnx/taosc/about
-[redhat-955808]: https://bugzilla.redhat.com/show_bug.cgi?id=955808
-[jasper-d42b238]: https://blogs.gentoo.org/ago/2016/11/19/jasper-signed-integer-overflow-in-jas_image-c
-[oss-sec-20161105-3]: https://www.openwall.com/lists/oss-security/2016/11/05/3
-[sourceware-21137]: https://sourceware.org/bugzilla/show_bug.cgi?id=21137
-[sourceware-22148]: https://sourceware.org/bugzilla/show_bug.cgi?id=22148
-[sourceware-22202]: https://sourceware.org/bugzilla/show_bug.cgi?id=22202
-[sourceware-22186]: https://sourceware.org/bugzilla/show_bug.cgi?id=22186
-[sourceware-24243]: https://sourceware.org/bugzilla/show_bug.cgi?id=24243
-[mozjpeg-268]: https://github.com/mozilla/mozjpeg/issues/268
diff --git a/REUSE.toml b/REUSE.toml
index 81cd182..3ee17c3 100644
--- a/REUSE.toml
+++ b/REUSE.toml
@@ -58,6 +58,6 @@ SPDX-FileCopyrightText = '2024 Nguyễn Gia Phong'
 SPDX-License-Identifier = 'GPL-3.0-or-later'
 
 [[annotations]]
-path = 'README.md'
+path = '**/README.md'
 SPDX-FileCopyrightText = 'None'
 SPDX-License-Identifier = 'CC0-1.0'
diff --git a/bugs/README.md b/bugs/README.md
new file mode 100644
index 0000000..74003aa
--- /dev/null
+++ b/bugs/README.md
@@ -0,0 +1,72 @@
+# Bug reproducers
+
+## binutils
+
+- CVE-2017-6965: [heap buffer overflow][sourceware-21137]
+
+ guix shell binutils@2.27
+ readelf -w bugs/cve/2017/6965/bug_3
+
+- CVE-2017-14745: [integer overflow][sourceware-22148]
+
+ guix shell binutils@2.29
+ objdump -d bugs/cve/2017/14745/crash_1
+
+- CVE-2017-15020: [heap buffer overflow][sourceware-22202]
+
+ guix shell binutils@2.29
+ nm -l bugs/cve/2017/15020/reproducer
+
+- CVE-2017-15025: [divide-by-zero][sourceware-22186]
+
+ guix shell binutils@2.29
+ nm -l bugs/cve/2017/15025/3899.crashes.bin
+ nm -l bugs/cve/2017/15025/floatexception.elf
+ objdump -S bugs/cve/2017/15025/floatexception.elf
+
+- CVE-2019-9077: [heap buffer overflow][sourceware-24243]
+
+ guix shell binutils@2.32
+ readelf -a bugs/cve/2019/9077/hbo2
+
+## JasPer
+
+- CVE-2016-9557: [signed integer overflow][jasper-d42b238]
+
+ guix shell jasper@1.900.19
+ imginfo -f bugs/cve/2016/9557/signed-int-overflow.jp2
+
+## libjpeg-turbo
+
+- CVE-2017-15232: [null pointer dereference][mozjpeg-268]
+
+ guix shell libjpeg-turbo@1.5.2
+ djpeg -crop "1x1+16+16" -onepass -dither ordered -dct float -colors 8\
+ -targa -grayscale -outfile o bugs/cve/2017/15232/1.jpg
+ djpeg -crop "1x1+16+16" -onepass -dither ordered -dct float -colors 8\
+ -targa -grayscale -outfile o bugs/cve/2017/15232/2.jpg
+
+## libxml2
+
+- CVE-2017-5969: [null pointer derefence][oss-sec-20161105-3]
+
+ guix shell libxml2@2.9.4
+ xmllint --recover bugs/cve/2017/5969/crash-libxml2-recover.xml
+
+## potrace
+
+- CVE-2013-7437: [possible heap overflow][redhat-955808]
+
+ guix shell potrace@1.11
+ potrace bugs/cve/2013/7437/1.bmp
+ potrace bugs/cve/2013/7437/2.bmp
+
+[jasper-d42b238]: https://blogs.gentoo.org/ago/2016/11/19/jasper-signed-integer-overflow-in-jas_image-c
+[mozjpeg-268]: https://github.com/mozilla/mozjpeg/issues/268
+[oss-sec-20161105-3]: https://www.openwall.com/lists/oss-security/2016/11/05/3
+[redhat-955808]: https://bugzilla.redhat.com/show_bug.cgi?id=955808
+[sourceware-21137]: https://sourceware.org/bugzilla/show_bug.cgi?id=21137
+[sourceware-22148]: https://sourceware.org/bugzilla/show_bug.cgi?id=22148
+[sourceware-22186]: https://sourceware.org/bugzilla/show_bug.cgi?id=22186
+[sourceware-22202]: https://sourceware.org/bugzilla/show_bug.cgi?id=22202
+[sourceware-24243]: https://sourceware.org/bugzilla/show_bug.cgi?id=24243 |
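Review bot: The widened glob `path = '**/README.md'` declares every README.md anywhere in the tree, including any added later, as CC0-1.0 with `SPDX-FileCopyrightText = 'None'`, so a future README that carries real authorship would be mislabelled by default. If the intent is only the two files this commit touches, the explicit list `path = ['README.md', 'bugs/README.md']` keeps the annotation scoped to them. It is also worth confirming with `reuse lint` that `**/README.md` still matches the top-level README.md, which the old pattern covered exactly; REUSE globbing is gitignore-like, where a leading `**/` matches at the root too, but the spec wording is worth checking rather than assumed.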
