746 matches found

Cvelist
added 2020/04/23 11:55 p.m., 26 views

CVE-2019-15792 Type confusion in shiftfs

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() calls fdget(oldfd), then without further checks passes the resulting file* into shiftfs_real_fdget(), which casts file->private_data, a void* that points to a filesystem-depende...

CVSS: 7.1, AI score: 8.3, EPSS: 0.00214
Exploits: 1, References: 3
CVE
added 2020/04/23 11:55 p.m., 111 views

CVE-2019-15793

CVE-2019-15793 concerns a shiftfs issue in Ubuntu’s patched Linux kernel (5.0/5.3). The bug translated user/group IDs to init_user_ns instead of the lower filesystem’s s_user_ns, risking bypass of discretionary access control. Consequence: local attacker could exploit the mis-translation to acces...

CVSS: 8.8, AI score: 7.2, EPSS: 0.00034
Exploits: 2, References: 3, Affected Software: 1
ossfuzz
added 2020/03/28 11:52 a.m., 13 views

suricata:fuzz_applayerparserparse: Heap-use-after-free in htp_connp_is_line_ignorable

Detailed Report: https://oss-fuzz.com/testcase?key=6197711587246080 Project: suricata Fuzzing Engine: afl Fuzz Target: fuzz_applayerparserparse Job Type: afl_asan_suricata Platform Id: linux Crash Type: Heap-use-after-free READ 1 Crash Address: 0x6190002949cc Crash State: htp_connp_is_line_ignorable...

AI score: 6.8
Exploits: 0, Affected Software: 1
ossfuzz
added 2020/03/27 10:45 p.m., 15 views

quickjs:fuzz_compile: Heap-use-after-free in JS_ReadObjectRec

Project: https://github.com/horhof/quickjs.git Detailed Report: https://oss-fuzz.com/testcase?key=4863930045562880 Project: quickjs Fuzzing Engine: honggfuzz Fuzz Target: fuzz_compile Job Type: honggfuzz_asan_quickjs Platform Id: linux Crash Type: Heap-use-after-free READ 4 Crash Address:...

AI score: 6.8
Exploits: 0, Affected Software: 1
ossfuzz
added 2020/03/21 7:17 a.m., 22 views

binutils:fuzz_disassemble: Use-of-uninitialized-value in loop_prim_n_bytes

Detailed Report: https://oss-fuzz.com/testcase?key=5652986874560512 Project: binutils Fuzzing Engine: libFuzzer Fuzz Target: fuzz_disassemble Job Type: libfuzzer_msan_binutils Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: loop_prim_n_bytes decode_s12z print_insn_s12...

AI score: 6.8
Exploits: 0, Affected Software: 1
ossfuzz
added 2020/03/10 4:2 p.m., 12 views

gnutls:gnutls_x509_crl_parser_fuzzer: Use-of-uninitialized-value in print_crl

Project: https://gitlab.com/gnutls/gnutls.git Detailed Report: https://oss-fuzz.com/testcase?key=5639123231834112 Project: gnutls Fuzzing Engine: libFuzzer Fuzz Target: gnutls_x509_crl_parser_fuzzer Job Type: libfuzzer_msan_gnutls Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address:...

AI score: 6.8
Exploits: 0, Affected Software: 1
ossfuzz
added 2020/02/15 8:7 a.m., 12 views

ndpi:fuzz_process_packet: Heap-buffer-overflow in get16

Project: https://github.com/ntop/nDPI.git Detailed Report: https://oss-fuzz.com/testcase?key=5130030848147456 Project: ndpi Fuzzing Engine: libFuzzer Fuzz Target: fuzz_process_packet Job Type: libfuzzer_asan_ndpi Platform Id: linux Crash Type: Heap-buffer-overflow READ 2 Crash Address: 0x60400000010d...

AI score: 6.8
Exploits: 0, Affected Software: 1
ossfuzz
added 2020/02/05 8:51 a.m., 11 views

njs:njs_process_script_fuzzer: Use-of-uninitialized-value in njs_dprint

Project: http://hg.nginx.org/njs Detailed Report: https://oss-fuzz.com/testcase?key=5682261708242944 Project: njs Fuzzing Engine: libFuzzer Fuzz Target: njs_process_script_fuzzer Job Type: libfuzzer_msan_njs Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: njs_dprin...

AI score: 6.8
Exploits: 0, Affected Software: 1
ossfuzz
added 2020/01/19 9:54 p.m., 7 views

unicorn:fuzz_emu_arm_thumb: Crash in helper_wfe_arm

Detailed Report: https://oss-fuzz.com/testcase?key=5139312127770624 Project: unicorn Fuzzing Engine: libFuzzer Fuzz Target: fuzz_emu_arm_thumb Job Type: libfuzzer_msan_unicorn Platform Id: linux Crash Type: UNKNOWN WRITE Crash Address: 0x00000000e080 Crash State: helper_wfe_arm Sanitizer: memory MSAN...

AI score: 6.4
Exploits: 0, Affected Software: 1
ossfuzz
added 2020/01/16 11:55 p.m., 16 views

ndpi:fuzz_ndpi_reader: Heap-use-after-free in ndpi_workflow_process_packet

Project: https://github.com/ntop/nDPI.git Detailed Report: https://oss-fuzz.com/testcase?key=5074519341662208 Project: ndpi Fuzzing Engine: afl Fuzz Target: fuzz_ndpi_reader Job Type: afl_asan_ndpi Platform Id: linux Crash Type: Heap-use-after-free READ 2 Crash Address: 0x612001eabd00 Crash State:...

AI score: 6.8
Exploits: 0, Affected Software: 1
ossfuzz
added 2020/01/11 8:28 a.m., 14 views

harfbuzz:hb-subset-fuzzer: Heap-buffer-overflow in BEInt<unsigned short, 2>::operator unsigned short

Project: https://github.com/harfbuzz/harfbuzz.git Detailed Report: https://oss-fuzz.com/testcase?key=5167653459329024 Project: harfbuzz Fuzzing Engine: libFuzzer Fuzz Target: hb-subset-fuzzer Job Type: libfuzzer_asan_i386_harfbuzz Platform Id: linux Crash Type: Heap-buffer-overflow READ 2 Crash...

AI score: 6.8
Exploits: 0, Affected Software: 1
ossfuzz
added 2020/01/08 7:32 a.m., 16 views

keystone:fuzz_asm_sparcbe: Use-of-uninitialized-value in llvm_ks::MCAssembler::computeFragmentSize

Detailed Report: https://oss-fuzz.com/testcase?key=5656891841839104 Project: keystone Fuzzing Engine: libFuzzer Fuzz Target: fuzz_asm_sparcbe Job Type: libfuzzer_msan_keystone Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: llvm_ks::MCAssembler::computeFragmentSiz...

AI score: 6.8
Exploits: 0, Affected Software: 1
ossfuzz
added 2020/01/03 9:44 a.m., 19 views

libspectre:spectre_read_fuzzer: Heap-buffer-overflow in gc_mark_string

Project: https://gitlab.freedesktop.org/libspectre/libspectre.git Detailed Report: https://oss-fuzz.com/testcase?key=5703675452588032 Project: libspectre Fuzzing Engine: libFuzzer Fuzz Target: spectre_read_fuzzer Job Type: libfuzzer_asan_libspectre Platform Id: linux Crash Type: Heap-buffer-overflow...

AI score: 6.8
Exploits: 0, Affected Software: 1
ossfuzz
added 2019/12/17 8:46 p.m., 12 views

opensc:fuzz_pkcs15_reader: Stack-buffer-overflow in pgp_parse_algo_attr_blob

Project: https://github.com/OpenSC/OpenSC.git Detailed Report: https://oss-fuzz.com/testcase?key=6329203163398144 Project: opensc Fuzzing Engine: honggfuzz Fuzz Target: fuzz_pkcs15_reader Job Type: honggfuzz_asan_opensc Platform Id: linux Crash Type: Stack-buffer-overflow WRITE 4 Crash Address:...

AI score: 6.4
Exploits: 0, Affected Software: 1
ossfuzz
added 2019/11/11 9:35 p.m., 13 views

libgit2:patch_parse_fuzzer: Heap-buffer-overflow in git_buf_decode_base85

Project: https://github.com/libgit2/libgit2.git Detailed Report: https://oss-fuzz.com/testcase?key=4789150477975552 Project: libgit2 Fuzzing Engine: libFuzzer Fuzz Target: patch_parse_fuzzer Job Type: libfuzzer_asan_libgit2 Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address:...

AI score: 6.8
Exploits: 0, Affected Software: 1
ossfuzz
added 2019/10/22 4:46 p.m., 10 views

libreoffice:docxfuzzer: Bad-cast to SwDrawContact from SwFlyDrawContact in FindFrameFormat

Project: git://anongit.freedesktop.org/libreoffice/core Detailed Report: https://oss-fuzz.com/testcase?key=5068778198532096 Project: libreoffice Fuzzing Engine: libFuzzer Fuzz Target: docxfuzzer Job Type: libfuzzer_ubsan_libreoffice Platform Id: linux Crash Type: Bad-cast Crash Address:...

AI score: 6.8
Exploits: 0, Affected Software: 1
ossfuzz
added 2019/09/19 5:52 p.m., 14 views

libhevc:hevc_dec_fuzzer: Stack-use-after-return in ihevcd_process_thread

Project: https://android.googlesource.com/platform/external/libhevc Detailed Report: https://oss-fuzz.com/testcase?key=5728826448936960 Project: libhevc Fuzzing Engine: libFuzzer Fuzz Target: hevc_dec_fuzzer Job Type: libfuzzer_asan_libhevc Platform Id: linux Crash Type: Stack-use-after-return READ 8...

AI score: 6.4
Exploits: 0, Affected Software: 1
ossfuzz
added 2019/09/18 2:56 p.m., 10 views

matio:matio_fuzzer: Crash in H5O_chunk_deserialize

Project: git://git.code.sf.net/p/matio/matio Detailed Report: https://oss-fuzz.com/testcase?key=5716605253713920 Project: matio Fuzzing Engine: afl Fuzz Target: matio_fuzzer Job Type: afl_asan_matio Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x0009ffbe04a8 Crash State:...

AI score: 6.8
Exploits: 0, Affected Software: 1
ossfuzz
added 2019/09/09 6:20 a.m., 11 views

ffmpeg:ffmpeg_AV_CODEC_ID_THP_fuzzer: Heap-buffer-overflow in ljpeg_decode_rgb_scan

Project: https://git.ffmpeg.org/ffmpeg.git Detailed Report: https://oss-fuzz.com/testcase?key=5763147314495488 Project: ffmpeg Fuzzing Engine: libFuzzer Fuzz Target: ffmpeg_AV_CODEC_ID_THP_fuzzer Job Type: libfuzzer_asan_ffmpeg Platform Id: linux Crash Type: Heap-buffer-overflow WRITE 1 Crash Address:...

AI score: 7
Exploits: 0, Affected Software: 1
ossfuzz
added 2019/09/01 7:41 a.m., 10 views

libhevc:hevc_dec_fuzzer: Heap-buffer-overflow in ihevcd_mv_pred

Project: https://android.googlesource.com/platform/external/libhevc Detailed Report: https://oss-fuzz.com/testcase?key=5712847463514112 Project: libhevc Fuzzing Engine: libFuzzer Fuzz Target: hevc_dec_fuzzer Job Type: libfuzzer_asan_i386_libhevc Platform Id: linux Crash Type: Heap-buffer-overflow READ...

AI score: 7
Exploits: 0, Affected Software: 1