SDLLMFuzz: Dynamic-Static LLM-Assisted Greybox Fuzzing for Structured Input Programs
Fuzzing has become a widely adopted technique for vulnerability discovery, yet it remains ineffective for structured-input programs due to strict syntactic constraints and limited semantic awareness. Traditional greybox fuzzers rely on mutation-based strategies and coarse-grained coverage feedbac...
USN-7545-3: Apport regression
USN-7545-1 fixed vulnerabilities in Apport. The update introduced a regression that raised an error if a crashing process was killed while Apport was analyzing it. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Qualys discovered that Apport incorrect...
PT-2025-25821 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue arises from compatibility problems between Linux and XenServer on Windows machines, where a platform device with ID 2 is used instead of the expected ID 1. This discrepancy...
OSV-2025-412 UNKNOWN WRITE in luaL_newstate
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420248727 Crash type: UNKNOWN WRITE Crash state: luaL_newstate...
OSV-2024-988 UNKNOWN WRITE in SHA224Result
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=68417 Crash type: UNKNOWN WRITE Crash state: SHA224Result mdmapsh224 stack...
PT-2023-35721 · Git +1 · Libxml2
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type identified as Global-buffer-overflow READ 1. The crash state involves functions such as xmlParseEntityDecl,...
PT-2023-35690 · Git +1 · Harfbuzz
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is a global buffer overflow read error. Technical details include a crash state involving OT::gvar::accelerator_t::apply_deltas ...
OSV-2021-1779 Heap-use-after-free in Segment::write
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42996 Crash type: Heap-use-after-free READ 1 Crash state: Segment::write Doublewrite::writepages Doublewrite::flushtodisk...
OSV-2020-1536 Segv on unknown address in GetValueFromLinkedList
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20923 Crash type: Segv on unknown address Crash state: GetValueFromLinkedList Magick::throwException Magick::Image::read...
OSV-2020-896 Heap-buffer-overflow in rasteropGeneralLow
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23385 Crash type: Heap-buffer-overflow READ 4 Crash state: rasteropGeneralLow rasteropLow pixRasterop...
unicorn:fuzz_emu_arm_thumb: Crash in helper_wfe_arm
Detailed Report: https://oss-fuzz.com/testcase?key=5139312127770624 Project: unicorn Fuzzing Engine: libFuzzer Fuzz Target: fuzz_emu_arm_thumb Job Type: libfuzzer_msan_unicorn Platform Id: linux Crash Type: UNKNOWN WRITE Crash Address: 0x00000000e080 Crash State: helper_wfe_arm Sanitizer: memory (MSAN)...
Counter-Strike Global Offensive 1.37.1.1 - vphysics.dll Denial of Service (PoC)
Counter-Strike Global Offensive 1.37.1.1 - vphysics.dll Denial of Service PoC CVE-2019-15943 Counter-Strike Global Offensive vphysics.dll before 1.37.1.1 allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, becaus...
honggfuzz vulnerability mining technology principle analysis-vulnerability warning-the black bar safety net
Google's AFL/WinAFL, libFuzzer and honggfuzz are the three most famous coverage-guided fuzzers. There are many online analyses of AFL/WinAFL, but far fewer of the latter two. Spring Brother previously wrote an article about honggfuzz: honggfuzz vulnerabilit...
Exploit for Use After Free in Microsoft
CVE-2019-0708 - BlueKeep RDP RDP Connection Sequence:...
VLC (European Commission - DIGIT): Access Violation Reading in libfaad_plugin
1 Basic info of application 1.1 Info of application Application Name VLC media player for Windows Application Version 4.0.0-dev Otto Chriek Download Address http://nightlies.videolan.org/ Testing OS Windows 8 2 Info of test file 2.1 Test file info Normal file name normal.mkv Normal file type...
Type confusion vulnerability instance analysis-vulnerability warning-the black bar safety net
A type confusion vulnerability, in general terms, arises when data of type A is dereferenced as data of type B, which may lead to illicit data access and ultimately to arbitrary code execution. This article analyzes one IE type confusion vulnerability example and one Word type confusion vulnerability example,...
Computerinsel Photoline ANI Parsing Code Execution Vulnerability
Summary A memory corruption vulnerability exists in the ANI-parsing functionality of Computerinsel Photoline 20.54. A specially crafted ANI image processed via the application can lead to a stack overflow, overwriting arbitrary data. An attacker can deliver an ANI image to trigger this...
Ruby Psych::Emitter start_document Heap Overflow Vulnerability(CVE-2016-2338)
DESCRIPTION An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In the Psych::Emitter start_document function, the heap buffer "head" is allocated based on the length of the tags array. A specially constructed object passed as an element of the tags array can increase...
VulnScan – Automated Triage and Root Cause Analysis of Memory Corruption Issues
The Microsoft Security Response Center (MSRC) receives reports about potential vulnerabilities in our products, and it's the job of our engineering team to assess the severity, impact, and root cause of these issues. In practice, a significant proportion of these reports turn out to be memory...
CVE-2017-0283: Windows Uniscribe remote code execution vulnerability analysis-vulnerability warning-the black bar safety net
The last "Patch Tuesday" fixed an RCE vulnerability described as "USP10!MergeLigRecords heap corruption in Windows Uniscribe font processing". A few days later, Mateusz Jurczyk of the Google Project Zero team released the PoC from the report. In the same Windows library there is also the presence of...