From: Matteo Marini
Subject: [libredwg] Responsible disclosure for bugs found in libredwg
Date: Wed, 20 Dec 2023 16:24:17 +0100
Dear libredwg developers,
My name is Matteo Marini, I am a Ph.D. student from the Cybersecurity research group at the Department of Engineering in Computer Science at Sapienza University of Rome, Italy.
When running experiments for a project on memory safety errors, we believe we have found some bugs in libredwg involving the use of values read from uninitialized memory in program computations (e.g., when contributing to a branching condition or to a pointer dereference).
Due to the potential security relevance of such bugs, which unfortunately we were unable to assess with certainty, we are reaching out to you privately to initiate a responsible disclosure process rather than posting them as a GitHub issue. Typically, we follow established practices in our field and wait for 90 days before reporting specific features of our findings to the public.
The attached archive (password: cQv8$9k4) contains:
- the executables on which we performed our tests (commit hash: 6b0eb53)
- the input file to exercise the bugs
- the stack trace when the bugs were observed
- the output of Valgrind confirming our findings
The executable we used for our testing is a compiled version of the fuzzing harness you made available for OSS-Fuzz (i.e. examples/llvmfuzz.c), with a main() function that simply opens a file, reads its content and calls the LLVMFuzzerTestOneInput() function. To compile, we used clang 14, and we ran every test on an Ubuntu 22.04 x86-64 machine.
We would be very grateful for any feedback you may give us on the bugs we are reporting.
My supervisor Daniele Cono D’Elia is copied on this communication. We would both be happy to cooperate with you and to provide any further information available to us for addressing the issues.
Best wishes,
Matteo Marini
Attachment: libredwg.zip (Zip archive)
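A stand-alone driver of the kind the message describes, for replaying one input file through a libFuzzer-style harness under Valgrind or MemorySanitizer without libFuzzer itself. This is an added example, not the reporters' file or libredwg's code; it assumes it is linked with examples/llvmfuzz.c and libredwg, and the weak fallback for LLVMFuzzerTestOneInput() exists only so the file also builds alone.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Harness entry point, normally supplied by examples/llvmfuzz.c. This weak
 * fallback lets the driver build alone; a real harness linked in overrides it. */
__attribute__((weak)) int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    (void)data; (void)size;
    return 0;
}

/* Read a whole file into a heap buffer sized exactly to its length, so any
 * read past the end is flagged by Valgrind or ASan. Returns NULL on failure. */
static uint8_t *read_whole_file(const char *path, size_t *out_len) {
    FILE *f = fopen(path, "rb");
    if (!f) return NULL;
    long n = (fseek(f, 0, SEEK_END) == 0) ? ftell(f) : -1;
    if (n < 0) { fclose(f); return NULL; }
    rewind(f);
    uint8_t *buf = malloc(n > 0 ? (size_t)n : 1);
    if (!buf || fread(buf, 1, (size_t)n, f) != (size_t)n) {
        free(buf); fclose(f);
        return NULL;
    }
    fclose(f);
    *out_len = (size_t)n;
    return buf;
}
/* Feed one in-memory input to the harness and return its result. */
int replay_buffer(const uint8_t *data, size_t size) {
    return LLVMFuzzerTestOneInput(data, size);
}

/* Replay one input file through the harness; -1 if it could not be read. */
int replay_file(const char *path) {
    size_t len = 0;
    uint8_t *buf = read_whole_file(path, &len);
    if (!buf) return -1;
    int rc = replay_buffer(buf, len);
    free(buf);
    return rc;
}
/* ./replay crash.dwg, or: valgrind --track-origins=yes ./replay crash.dwg */
int main(int argc, char **argv) {
    if (argc != 2) { fprintf(stderr, "usage: %s <input-file>\n", argv[0]); return 2; }
    int rc = replay_file(argv[1]);
    if (rc < 0) perror(argv[1]);
    return rc == 0 ? 0 : 1;
}
```

Build with the same sanitizer or debug flags as the harness (e.g. clang -g -O1) so the Valgrind or MSan report points at the same frames as the attached stack trace.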