Diffstat (limited to 'bugs')
-rw-r--r--bugs/README.md103
-rw-r--r--bugs/cve/2016/9265/34.mp3 (renamed from bugs/cve/2016/9264/globaloverflow)bin8 -> 8 bytes
-rw-r--r--bugs/cve/2016/9265/45.mp3bin0 -> 148 bytes
-rw-r--r--bugs/gnu/19784/argvbin0 -> 17 bytes
-rw-r--r--bugs/gnu/19784/limit1
-rw-r--r--bugs/gnu/25003/argvbin0 -> 21 bytes
-rw-r--r--bugs/gnu/25003/chunks1
-rw-r--r--bugs/gnu/25023/argvbin0 -> 34 bytes
-rw-r--r--bugs/gnu/25023/separator1
-rw-r--r--bugs/gnu/26545/argvbin0 -> 23 bytes
-rw-r--r--bugs/gnu/26545/size1
11 files changed, 52 insertions, 55 deletions
diff --git a/bugs/README.md b/bugs/README.md
index ad8de16..d0672d1 100644
--- a/bugs/README.md
+++ b/bugs/README.md
@@ -4,92 +4,92 @@
 
 - CVE-2017-6965: [heap buffer overflow][sourceware-21137]
 
-      guix shell -e '(@@ (loftix bugs) binutils-2.27-asan)'
+      guix shell binutils-with-asan@2.27
       readelf -w cve/2017/6965/bug_3
 
 - CVE-2017-14745: [integer overflow][sourceware-22148]
 
-      guix shell -e '(@@ (loftix bugs) binutils-2.29)'
+      guix shell binutils@2.29
       objdump -d cve/2017/14745/crash_1
 
 - CVE-2017-15020: [heap buffer overflow][sourceware-22202]
 
-      guix shell -e '(@@ (loftix bugs) binutils-2.29-asan)'
+      guix shell binutils-with-asan@2.29
       nm -l cve/2017/15020/reproducer
 
 - CVE-2017-15025: [division by zero][sourceware-22186]
 
-      guix shell -e '(@@ (loftix bugs) binutils-2.29)'
+      guix shell binutils@2.29
       nm -l cve/2017/15025/3899.crashes.bin
       nm -l cve/2017/15025/floatexception.elf
       objdump -S cve/2017/15025/floatexception.elf
 
 - CVE-2018-10372: [heap buffer overflow][sourceware-23064]
 
-      guix shell -e '(@@ (loftix bugs) binutils-2.30-asan)'
+      guix shell binutils-with-asan@2.30
       readelf -w cve/2018/10372/bug3
 
 - CVE-2019-9077: [heap buffer overflow][sourceware-24243]
 
-      guix shell -e '(@@ (loftix bugs) binutils-2.32-asan)'
+      guix shell binutils-with-asan@2.32
       readelf -a cve/2019/9077/hbo2
 
 ## GNU Core Utilities
 
 - #19784: [heap buffer overflow][gnu-19784]
 
-      guix shell -e '(@@ (loftix bugs) coreutils-8.23-asan)'
-      make-prime-list "$(cat gnu/19784/limit)"
+      guix shell coreutils-with-make-prime-list-with-asan@8.23
+      make-prime-list 3  # or: $(xargs -0 -a gnu/19784/argv)
 
 - #25003: [negative size param][gnu-25003]
 
-      guix shell -e '(@@ (loftix bugs) coreutils-8.26-sans-4954f79-asan)'
-      split -n"$(cat gnu/25003/chunks)" /dev/null
+      guix shell coreutils-with-asan@8.26-sans-4954f79
+      split -n2/3 /dev/null  # or: $(xargs -0 -a gnu/25003/argv)
 
 - #25023: [global buffer overflow][gnu-25023]
 
-      guix shell -e '(@@ (loftix bugs) coreutils-8.25-asan)'
-      echo | pr -m -S"$(cat gnu/25023/separator)" -t /dev/fd/0 /dev/null
+      guix shell coreutils-with-asan@8.25
+      pr -m -S"$(printf '\t\t\t')" -t /dev/null /dev/zero
 
 - #26545: [memcpy param overlap][gnu-26545]
 
-      guix shell -e '(@@ (loftix bugs) coreutils-8.27-asan)'
-      shred -n4 -s"$(cat gnu/26545/size)" /dev/null
+      guix shell coreutils-with-asan@8.27
+      shred -n4 -s7 /dev/null  # or: $(xargs -0 -a gnu/26545/argv)
 
 ## JasPer
 
 - CVE-2016-8691: [divide-by-zero][jasper-22]
 
-      guix shell -e '(@@ (loftix bugs) jasper-1.900.3)'
+      guix shell jasper@1.900.3
       imginfo -f cve/2016/8691/11.crash
 
 - CVE-2016-9387: [assertion failure][jasper-49]
 
-      guix shell -e '(@@ (loftix bugs) jasper-1.900.5)'
+      guix shell jasper@1.900.5
       imginfo -f cve/2016/9387/jas_matrix.jp2
 
 - CVE-2016-9557: [signed integer overflow][jasper-67]
 
-      guix shell -e '(@@ (loftix bugs) jasper-1.900.19)'
+      guix shell jasper-with-ubsan@1.900.19
       imginfo -f cve/2016/9557/signed-int-overflow.jp2
 
 ## libarchive
 
 - CVE-2016-5844: [signed integer overflow][libarchive-717]
 
-      guix shell -e '(@@ (loftix bugs) libarchive-3.2.0-ubsan)'
+      guix shell libarchive-with-ubsan@3.2.0
       bsdtar -tf cve/2016/5844/libarchive-signed-int-overflow.iso
 
 ## libjpeg-turbo
 
 - CVE-2012-2806: [heap buffer overflow][chromium-40058947]
 
-      guix shell -e '(@@ (loftix bugs) libjpeg-turbo-1.2.0-asan)'
+      guix shell libjpeg-turbo-with-asan@1.2.0
       djpeg cve/2012/2806/cnode0006-heap-buffer-overflow-796.jpg
 
 - CVE-2017-15232: [null pointer dereference][mozjpeg-268]
 
-      guix shell -e '(@@ (loftix bugs) libjpeg-turbo-1.5.2)'
+      guix shell libjpeg-turbo@1.5.2
       djpeg -crop "1x1+16+16" -onepass -dither ordered -dct float -colors 8\
         -targa -grayscale -outfile /dev/null cve/2017/15232/1.jpg
       djpeg -crop "1x1+16+16" -onepass -dither ordered -dct float -colors 8\
@@ -97,7 +97,7 @@
 
 - CVE-2018-14498: [heap buffer overflow][libjpeg-turbo-258]
 
-      guix shell -e '(@@ (loftix bugs) libjpeg-turbo-1.5.3-asan)'
+      guix shell libjpeg-turbo-with-asan@1.5.3
       cjpeg -outfile /dev/null cve/2018/14498/hbo_rdbmp.c:209_1.bmp
       cjpeg -outfile /dev/null cve/2018/14498/hbo_rdbmp.c:209_2.bmp
       cjpeg -outfile /dev/null cve/2018/14498/hbo_rdbmp.c:210_1.bmp
@@ -106,46 +106,47 @@
 
 - CVE-2018-19664: [heap buffer overflow][libjpeg-turbo-305]
 
-      guix shell -e '(@@ (loftix bugs) libjpeg-turbo-2.0.1-asan)'
+      guix shell libjpeg-turbo-with-asan@2.0.1
       djpeg -colors 256 -bmp cve/2018/19664/heap-buffer-overflow-2.jpg
 
 ## libming
 
-- CVE-2016-9264: [global buffer overflow][oss-sec-20161110-9]
+- CVE-2016-9265: [division by zero][oss-sec-20161110-9]
 
-      guix shell -e '(@@ (loftix bugs) libming-0.4.7-asan)'
-      listmp3 cve/2016/9264/globaloverflow
+      guix shell libming@0.4.7
+      listmp3 cve/2016/9265/34.mp3
+      listmp3 cve/2016/9265/45.mp3
 
 - CVE-2018-8806: [use after free][libming-128]
 
-      guix shell -e '(@@ (loftix bugs) libming-0.4.8-asan)'
+      guix shell libming-with-asan@0.4.8
       swftophp cve/2018/8806/heap-use-after-free.swf
 
 - CVE-2018-8964: [use after free][libming-130]
 
-      guix shell -e '(@@ (loftix bugs) libming-0.4.8-asan)'
+      guix shell libming-with-asan@0.4.8
       swftophp cve/2018/8964/heap-use-after-free.swf
 
 ## libtiff
 
 - BZ#2633: [heap buffer overflow][maptools-2633]:
 
-      guix shell -e '(@@ (loftix bugs) libtiff-4.0.7-asan)'
+      guix shell libtiff-with-asan@4.0.7
       tiff2ps maptools/2633/heapoverflow.tiff
 
 - CVE-2014-8128: [buffer overflow][maptools-2489]
 
-      guix shell -e '(@@ (loftix bugs) libtiff-4.0.3)'
+      guix shell libtiff@4.0.3
       thumbnail cve/2014/8128/03_thumbnail.tiff /dev/null
 
 - CVE-2016-3186: [buffer overflow][redhat-1319503]
 
-      guix shell -e '(@@ (loftix bugs) libtiff-4.0.6)'
-      echo y | gif2tiff cve/2016/3186/crash.gif /dev/null
+      guix shell libtiff@4.0.6
+      gif2tiff cve/2016/3186/crash.gif -
 
 - CVE-2016-3623: [division by zero][maptools-2569]
 
-      guix shell -e '(@@ (loftix bugs) libtiff-4.0.6)'
+      guix shell libtiff@4.0.6
       tar xvf $(guix build -S libtiff@4.0.6)\
         tiff-4.0.6/test/images/logluv-3c-16b.tiff
       rgb2ycbcr -h 0 tiff-4.0.6/test/images/logluv-3c-16b.tiff /dev/null
@@ -153,37 +154,37 @@
 
 - CVE-2016-5314: [heap buffer overflow][maptools-2554]
 
-      guix shell -e '(@@ (loftix bugs) libtiff-4.0.6-asan)'
+      guix shell libtiff-with-asan@4.0.6
       rgb2ycbcr cve/2016/5314/oobw.tiff /dev/null
 
 - CVE-2016-5321: [invalid read][maptools-2558]
 
-      guix shell -e '(@@ (loftix bugs) libtiff-4.0.6)'
+      guix shell libtiff@4.0.6
       tiffcrop cve/2016/5321/ill-read.tiff /dev/null
 
 - CVE-2016-9273: [heap buffer overflow][maptools-2587]
 
-      guix shell -e '(@@ (loftix bugs) libtiff-4.0.6-asan)'
+      guix shell libtiff-with-asan@4.0.6
       tiffsplit cve/2016/9273/test049.tiff
 
 - CVE-2016-9532: [heap buffer overflow][maptools-2592]
 
-      guix shell -e '(@@ (loftix bugs) libtiff-4.0.6)'
+      guix shell libtiff-with-asan@4.0.6
       tiffcrop cve/2016/9532/heap-buffer-overflow.tiff /dev/null
 
 - CVE-2016-10092: [heap buffer overflow][maptools-2622]
 
-      guix shell -e '(@@ (loftix bugs) libtiff-4.0.7-asan)'
+      guix shell libtiff-with-asan@4.0.7
       tiffcrop -i cve/2016/10092/heapoverflow.tiff /dev/null
 
 - CVE-2016-10093: [heap buffer overflow][maptools-2610]
 
-      guix shell -e '(@@ (loftix bugs) libtiff-4.0.7-asan)'
+      guix shell libtiff-with-asan@4.0.7
       tiffcp -i cve/2016/10093/heapoverflow.tiff /dev/null
 
 - CVE-2016-10094: [heap buffer overflow][maptools-2640]
 
-      guix shell -e '(@@ (loftix bugs) libtiff-4.0.7-asan)'
+      guix shell libtiff-with-asan@4.0.7
       tiff2pdf cve/2016/10094/heapoverflow.tiff -o /dev/null
 
 - CVE-2016-10266: [division by zero][maptools-2596]
@@ -198,65 +199,65 @@
 
 - CVE-2016-10268: [heap buffer overflow][maptools-2598]
 
-      guix shell -e '(@@ (loftix bugs) libtiff-4.0.7-asan)'
+      guix shell libtiff-with-asan@4.0.7
       tiffcp -i cve/2016/10268/heapoverflow.tiff /dev/null
 
 - CVE-2016-10271: [heap buffer overflow][maptools-2620]
 
-      guix shell -e '(@@ (loftix bugs) libtiff-4.0.7-asan)'
+      guix shell libtiff-with-asan@4.0.7
       tiffcrop -i cve/2016/10271/heapoverflow.tiff /dev/null
 
 - CVE-2016-10272: [heap buffer overflow][maptools-2624]
 
-      guix shell -e '(@@ (loftix bugs) libtiff-4.0.7-asan)'
+      guix shell libtiff-with-asan@4.0.7
       tiffcrop -i cve/2016/10272/heapoverflow.tiff /dev/null
 
 - CVE-2017-5225: [heap buffer overflow][maptools-2656]
 
-      guix shell -e '(@@ (loftix bugs) libtiff-4.0.7-asan)'
+      guix shell libtiff-with-asan@4.0.7
       tiffcp -p separate cve/2017/5225/2656.tiff /dev/null
       tiffcp -p contig cve/2017/5225/2657.tiff /dev/null
 
 - CVE-2017-7595: [division by zero][maptools-2653]
 
-      guix shell -e '(@@ (loftix bugs) libtiff-4.0.7)'
+      guix shell libtiff@4.0.7
       tiffcp -i cve/2017/7595/fpe.tiff /dev/null
 
 - cve-2017-7599: [float cast overflow][maptools-2646]
 
-      guix shell -e '(@@ (loftix bugs) libtiff-4.0.7-ubsan-float-cast-overflow)'
+      guix shell libtiff-with-ubsan-float-cast-overflow@4.0.7
       tiffcp -i cve/2017/7599/outside-short.tiff /dev/null
 
 - cve-2017-7600: [float cast overflow][maptools-2647]
 
-      guix shell -e '(@@ (loftix bugs) libtiff-4.0.7-ubsan-float-cast-overflow)'
+      guix shell libtiff-with-ubsan-float-cast-overflow@4.0.7
       tiffcp -i cve/2017/7600/outside-unsigned-char.tiff /dev/null
 
 - CVE-2017-7601: [signed integer overflow][maptools-2648]
 
-      guix shell -e '(@@ (loftix bugs) libtiff-4.0.7-ubsan)'
+      guix shell libtiff-with-ubsan@4.0.7
       tiffcp -i cve/2017/7601/shift-long.tiff /dev/null
 
 ## libxml2
 
 - CVE-2012-5134: [heap buffer overflow][chromium-40076524]
 
-      guix shell -e '(@@ (loftix bugs) libxml2-2.9.0-asan)'
+      guix shell libxml2-with-asan@2.9.0
       xmllint cve/2012/5134/bad.xml
 
 - CVE-2016-1838: [heap buffer overflow][chromium-42452154]
 
-      guix shell -e '(@@ (loftix bugs) libxml2-2.9.3-asan)'
+      guix shell libxml2-with-asan@2.9.3
       xmllint cve/2016/1838/attachment_316158
 
 - CVE-2016-1839: [heap buffer overflow][chromium-42452152]
 
-      guix shell -e '(@@ (loftix bugs) libxml2-2.9.3-asan)'
+      guix shell libxml2-with-asan@2.9.3
       xmllint --html cve/2016/1839/asan_heap-oob
 
 - CVE-2017-5969: [null pointer derefence][oss-sec-20161105-3]
 
-      guix shell -e '(@@ (loftix bugs) libxml2-2.9.4
+      guix shell libxml2@2.9.4
       xmllint --recover cve/2017/5969/crash-libxml2-recover.xml
 
 ## potrace
diff --git a/bugs/cve/2016/9264/globaloverflow b/bugs/cve/2016/9265/34.mp3
index 24f6f72..24f6f72 100644
--- a/bugs/cve/2016/9264/globaloverflow
+++ b/bugs/cve/2016/9265/34.mp3
Binary files differ
diff --git a/bugs/cve/2016/9265/45.mp3 b/bugs/cve/2016/9265/45.mp3
new file mode 100644
index 0000000..2c30b61
--- /dev/null
+++ b/bugs/cve/2016/9265/45.mp3
Binary files differ
diff --git a/bugs/gnu/19784/argv b/bugs/gnu/19784/argv
new file mode 100644
index 0000000..cc212c7
--- /dev/null
+++ b/bugs/gnu/19784/argv
Binary files differ
diff --git a/bugs/gnu/19784/limit b/bugs/gnu/19784/limit
deleted file mode 100644
index e440e5c..0000000
--- a/bugs/gnu/19784/limit
+++ /dev/null
@@ -1 +0,0 @@
-3
\ No newline at end of file
diff --git a/bugs/gnu/25003/argv b/bugs/gnu/25003/argv
new file mode 100644
index 0000000..fce27bd
--- /dev/null
+++ b/bugs/gnu/25003/argv
Binary files differ
diff --git a/bugs/gnu/25003/chunks b/bugs/gnu/25003/chunks
deleted file mode 100644
index ffe913b..0000000
--- a/bugs/gnu/25003/chunks
+++ /dev/null
@@ -1 +0,0 @@
-2/3
\ No newline at end of file
diff --git a/bugs/gnu/25023/argv b/bugs/gnu/25023/argv
new file mode 100644
index 0000000..ad45798
--- /dev/null
+++ b/bugs/gnu/25023/argv
Binary files differ
diff --git a/bugs/gnu/25023/separator b/bugs/gnu/25023/separator
deleted file mode 100644
index bbeba64..0000000
--- a/bugs/gnu/25023/separator
+++ /dev/null
@@ -1 +0,0 @@
-			
\ No newline at end of file
diff --git a/bugs/gnu/26545/argv b/bugs/gnu/26545/argv
new file mode 100644
index 0000000..427d8f7
--- /dev/null
+++ b/bugs/gnu/26545/argv
Binary files differ
diff --git a/bugs/gnu/26545/size b/bugs/gnu/26545/size
deleted file mode 100644
index c793025..0000000
--- a/bugs/gnu/26545/size
+++ /dev/null
@@ -1 +0,0 @@
-7
\ No newline at end of file