CVE-2017-9048 libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 In other words, libxml2 20904-GIT..
CVE-2016-9297 The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII tag values. In other words, this is a vulnerability in the TIFFFetchNormalTag function of LibTiff 4.0.6 that results in an out-of-bounds read. Let's build it. First, install LibTIFF. wget https://github.com/vadz/libtiff/archive/refs/tags/Release-v4-0-6.tar.gz tar -zxv..
CVE-2017-13028 The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootp_print(). This is a buffer over-read vulnerability in tcpdump's BOOTP parser that affects versions up to 4.9.1. First, install the tcpdump that will be the target. wget https://github.com/the-tcpdump-group/tcpdump/archive/refs/tags/tcpdump-4.8.1.tar.gz tar -zxvf tcpdump-4.8.1.tar.gz Then install libpcap as well; it is the cross-platform library that tcpdump requires. wget https://..
CVE-2012-2836 Description The exif_data_load_data function in exif-data.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image. In other words, this is a vulnerability in exif_data_load_data in exif-data.c, present in versions of the EXIF Tag Parsing Library before 0.6.21..
CVE-2009-3895 Description Heap-based buffer overflow in the exif_entry_fix function (aka the tag fixup routine) in libexif/exif-entry.c in libexif 0.6.18 allows remote attackers to cause a denial of service or possibly execute arbitrary code via an invalid EXIF image. NOTE: some of these details are obtained from third party information. The exif_entry_fix function in libexif/exif-entry.c of libexif 0.6.18..
Now let's get into fuzzing in earnest. CVE-2019-13288 Description In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646. This vulnerability is an infinite recursion problem in Parser::getObj() in Parser.cc of Xpdf 4.01.01. Build: first, build that version of xpdf. $ cd $HOME $ mkdir fuzzing_xpdf && cd fuzzing_xpdf/ $ w..