Parserama
Challenge Information
Project: libexif
Type: delta
Harnesses: 2
Vulnerabilities: 1
AFC Challenge Performance
Number of Unique Vulnerabilities Discovered: #
Number of Teams with Scoring PoVs: 6
Number of Teams with Scoring Patches: 5
Number of Teams with Scoring Bundles: 4
Total Points Scored for this Challenge: 44.25730212216538
What design decisions were considered for this challenge?
The author of libexif made a mistake when adjusting a parser, introducing a buffer overflow that OSS-Fuzz caught immediately. They fixed it the next day.
Why this set of vulnerabilities?
This is staged alone. Like ex-delta-01, the intent is to reproduce a situation in which state-of-the-art analysis tooling caught a bug immediately after it was committed.
Delta vs Full and why?
This challenge is a delta scan challenge. It contains one vulnerability, exif-002.
Challenge Harnesses
- exif_loader_fuzzer
- exif_from_data_fuzzer
Challenge Vulnerabilities
exif-002, Replay 2
Vulnerability Information
Author: David Wank
Harness: exif_from_data_fuzzer
CWE Classification: CWE-121
What functions and functionality are relevant?
The author of libexif made a mistake when adjusting a parser, introducing a buffer overflow that OSS-Fuzz caught immediately. They fixed it the next day.
Why is this vulnerable?
The parser adjustment introduced incorrect bounds handling, causing a buffer overflow.
Is this a replay and/or is it inspired by anything?
Yes, this replays the actual bug that OSS-Fuzz caught immediately after it was committed.
What makes it interesting?
Like ex-delta-01, the intent is to reproduce a situation in which state-of-the-art analysis tooling caught a bug immediately after it was committed.
Challenge Repository: libexif
Harness that will be used: exif_from_data_fuzzer
Sanitizer that will be used: ASAN
