Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ossfuzzGoogleOSSFUZZ-23765
HistoryJun 28, 2020 - 4:25 a.m.

libxml2:html: Heap-use-after-free in xmlParserPrintFileContextInternal

2020-06-2804:25:10
Google
bugs.chromium.org
11
JSON

Project:
https://gitlab.gnome.org/GNOME/libxml2.git

Detailed Report: https://oss-fuzz.com/testcase?key=4858748979118080

Project: libxml2
Fuzzing Engine: honggfuzz
Fuzz Target: html
Job Type: honggfuzz_asan_libxml2
Platform Id: linux

Crash Type: Heap-use-after-free READ 1
Crash Address: 0x621000007900
Crash State:
xmlParserPrintFileContextInternal
xmlReportError
__xmlRaiseError

Sanitizer: address (ASAN)

Recommended Security Severity: High

Regressed: https://oss-fuzz.com/revisions?job=honggfuzz_asan_libxml2&range=202006240141:202006250141

Reproducer Testcase: https://oss-fuzz.com/download?testcase_id=4858748979118080

Issue filed automatically.

See https://google.github.io/oss-fuzz/advanced-topics/reproducing for instructions to reproduce this bug locally.
When you fix this bug, please

  • mention the fix revision(s).
  • state whether the bug was a short-lived regression or an old bug in any stable releases.
  • add any other useful information.
    This information can help downstream consumers.

If you need to contact the OSS-Fuzz team with a question, concern, or any other feedback, please file an issue at https://github.com/google/oss-fuzz/issues. Comments on individual Monorail issues are not monitored.

This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without an upstream patch, then the bug report will automatically
become visible to the public.

JSON