Macroverflow
Challenge Information
Project: libexif
Type: delta
Harnesses: 2
Vulnerabilities: 1
AFC Challenge Performance
Number of Unique Vulnerabilities Discovered: #
Number of Teams with Scoring PoVs: 4
Number of Teams with Scoring Patches: 2
Number of Teams with Scoring Bundles: 2
Total Points Scored for this Challenge: 28.561292398034112
What design decisions were considered for this challenge?
This is a fantastic jumping-off point for replay vulnerability development, as intended for this CR: we already have a tailor-made reproduction, a commit that introduces the problem, and the very next commit fixing it.
This challenge also broadcasts a SARIF report that is incorrect: it references the metadata for exif-002, a different vulnerability that had already been fixed by the time this one was introduced.
Why this set of vulnerabilities?
This vulnerability is staged alone. Like ex-delta-01, the intent is to reproduce a situation in which state-of-the-art analysis tooling caught a bug immediately after it was committed.
Delta vs Full and why?
This challenge is a delta scan challenge. It contains one vulnerability, exif-001.
The author of libexif misused a macro, which caused a buffer overflow that OSS-Fuzz caught immediately; they fixed it the next day.
Challenge Harnesses
- exif_loader_fuzzer
- exif_from_data_fuzzer
Challenge Sarif Broadcast
Target .aixcc/sarif/false-sarif.yaml
SARIF is incorrect
PLACEHOLDER FOR SARIF
Challenge Vulnerabilities
exif-001, Replay 1
Vulnerability Information
Author: David Wank
Harness: exif_from_data_fuzzer
CWE Classification: CWE-122
What functions and functionality are relevant?
The relevant code is the macro use introduced by the vulnerable commit: the author of libexif misused a macro, causing a buffer overflow that OSS-Fuzz caught immediately, and the very next commit fixed it.
Together with the tailor-made reproduction that already exists, this makes the vulnerability a fantastic jumping-off point for replay vulnerability development, as intended for this CR.
Why is this vulnerable?
The incorrect macro usage produces a bounds calculation that does not correspond to the real size of the buffer being accessed, so an access runs past the end of a heap-allocated buffer (CWE-122), which ASAN reports.
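To make that bug class concrete, the following is an added, constructed C example; it is not libexif code and does not reproduce the actual exif-001 macro, whose details this page does not give. The macro OVERFLOWS, the struct field, and every other name in it are invented for illustration. It shows the shape of the mistake described above: a fit check that is handed a bound other than the real length of the buffer being read, so that on a hostile input ASAN (the sanitizer used for this challenge) reports a heap-buffer-overflow, beside the corrected call that uses the trusted length.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical "does this field fit" check (not libexif's macro). It is
 * only correct when `limit` is the real byte length of the buffer being
 * read. Evaluates to 1 when [off, off+len) does NOT fit inside `limit`. */
#define OVERFLOWS(off, len, limit) \
    ((off) >= (limit) || (len) > (limit) || (off) > (limit) - (len))

/* Constructed record (invented for this example): a header read from the
 * input claims a payload of `len` bytes at byte `off`; `declared_total` is
 * also read from the input, so it is attacker-controlled. */
struct field {
    uint32_t off;
    uint32_t len;
    uint32_t declared_total;
};

/* Buggy usage: the macro is bounded by the untrusted declared_total instead
 * of the trusted buffer length, so the arithmetic is right but the bound
 * is wrong. Returns 1 if the field is accepted. */
int field_accepted_buggy(const struct field *f, size_t buf_len)
{
    (void)buf_len; /* never consulted: that is the mistake */
    return !OVERFLOWS(f->off, f->len, f->declared_total);
}

/* Fixed usage: the same macro bounded by the actual buffer length. */
int field_accepted_fixed(const struct field *f, size_t buf_len)
{
    return !OVERFLOWS(f->off, f->len, buf_len);
}

/* Copies the field payload out of `buf` into a fresh heap buffer, gated by
 * the chosen check. With the buggy check and a hostile header the memcpy
 * reads past the end of `buf`, which ASAN reports as a heap-buffer-overflow.
 * Returns NULL when the field is rejected. Caller frees the result. */
unsigned char *copy_field(const unsigned char *buf, size_t buf_len,
                          const struct field *f,
                          int (*accepted)(const struct field *, size_t))
{
    if (!accepted(f, buf_len))
        return NULL;
    unsigned char *out = malloc(f->len ? f->len : 1);
    if (!out)
        return NULL;
    memcpy(out, buf + f->off, f->len);
    return out;
}

int main(void)
{
    /* Constructed 16-byte input whose header claims 64 bytes exist. */
    size_t buf_len = 16;
    unsigned char *buf = malloc(buf_len);
    if (!buf)
        return 1;
    memset(buf, 0xAB, buf_len);
    struct field hostile = { .off = 8, .len = 32, .declared_total = 64 };

    printf("buggy check accepts hostile field: %d\n",
           field_accepted_buggy(&hostile, buf_len));
    printf("fixed check accepts hostile field: %d\n",
           field_accepted_fixed(&hostile, buf_len));

    unsigned char *out = copy_field(buf, buf_len, &hostile, field_accepted_fixed);
    printf("fixed copy: %s\n", out ? "copied" : "rejected");
    free(out);

    /* Build with -fsanitize=address and uncomment to see the ASAN report:
     * free(copy_field(buf, buf_len, &hostile, field_accepted_buggy)); */
    free(buf);
    return 0;
}
```

Compile with `cc -fsanitize=address -g example.c` and uncomment the buggy call in main to get the heap-buffer-overflow report; the fixed call rejects the same field because the check is measured against the 16 bytes that actually exist rather than the 64 the header claims.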
Is this a replay and/or inspired by anything?
Yes
What makes it interesting?
As with ex-delta-01, the point is to reproduce a situation in which state-of-the-art analysis tooling (here, OSS-Fuzz) caught a bug immediately after it was committed.
Challenge Repository: libexif
Harness that will be used: exif_from_data_fuzzer
Sanitizer that will be used: ASAN
