fcambus Activity

Activity for Frederic Cambus

6 years ago
Frederic Cambus posted a comment on ticket #10

This issue has been assigned CVE-2019-19787.
6 years ago
Frederic Cambus posted a comment on ticket #9

This issue has been assigned CVE-2019-19786.
6 years ago
Frederic Cambus posted a comment on ticket #8

This issue has been assigned CVE-2019-19785.
6 years ago
Frederic Cambus posted a comment on ticket #67

This issue has been assigned CVE-2019-19797.
6 years ago
Frederic Cambus created ticket #67

Out-of-bounds write in the read_colordef() function
6 years ago
Frederic Cambus created ticket #10

Stack-based buffer overflow in the get_signed_expression() function
6 years ago
Frederic Cambus created ticket #9

Stack-based buffer overflow in the parse_expr() function
6 years ago
Frederic Cambus created ticket #8

Stack-based buffer overflow in the to_comma() function
6 years ago
Frederic Cambus posted a comment on ticket #55

Indeed, on Linux the bug is only triggered when sanitizers are enabled. On OpenBSD however, it crashes with a normal build: $ fig2dev -Lbox test02 Bus error (core dumped) I can confirm that your patch fixes the issue with this test file, thanks!
6 years ago
Frederic Cambus posted a comment on ticket #55

This issue got assigned CVE-2019-19555.
6 years ago
Frederic Cambus created ticket #55

Stack-based buffer overflow in the read_textobject() function
6 years ago
Frederic Cambus posted a comment on ticket #587

This issue has been assigned CVE-2019-16396.
6 years ago
Frederic Cambus posted a comment on ticket #586

This issue has been assigned CVE-2019-16395.
6 years ago
Frederic Cambus created ticket #587

Use-after-free (heap) in the end_scope_of_program_name() function
6 years ago
Frederic Cambus created ticket #586

Stack-based buffer overflow in the cb_name() function
7 years ago
Frederic Cambus posted a comment on ticket #8

This issue has been assigned CVE-2019-14665.
7 years ago
Frederic Cambus posted a comment on ticket #7

This issue has been assigned CVE-2019-14662.
7 years ago
Frederic Cambus posted a comment on ticket #6

This issue has been assigned CVE-2019-14663.
7 years ago
Frederic Cambus created ticket #8

Heap-based buffer overflow in the define_array() function
7 years ago
Frederic Cambus created ticket #7

Stack-based buffer overflow in the fileio_openout() function
7 years ago
Frederic Cambus created ticket #6

Stack-based buffer overflow in the fileio_openin() function
7 years ago
Frederic Cambus posted a comment on ticket #584

This issue has been assigned CVE-2019-14541.
7 years ago
Frederic Cambus created ticket #584

Stack-based buffer overflow in the cb_encode_program_id() function
7 years ago
Frederic Cambus posted a comment on ticket #583

This issue has been assigned CVE-2019-14528.
7 years ago
Frederic Cambus created ticket #583

Heap-based buffer overflow in the read_literal() function
7 years ago
Frederic Cambus posted a comment on ticket #582

For all issues I reported, the fuzzer ran against latest trunk version, and I verified the issues are also triggered in 2.2. The CVE reports mention 2.2 as it's the latest released version.
7 years ago
Frederic Cambus posted a comment on ticket #582

This issue got assigned CVE-2019-14486.
7 years ago
Frederic Cambus created ticket #582

Global buffer overflow in the cb_evaluate_expr() function
7 years ago
Frederic Cambus posted a comment on ticket #581

This issue got assigned CVE-2019-14468.
7 years ago
Frederic Cambus created ticket #581

Global buffer overflow in the cb_push_op() function
7 years ago
Frederic Cambus posted a comment on ticket #52

This issue got assigned CVE-2019-14275.
7 years ago
Frederic Cambus modified a comment on ticket #13

The first issue (L2514) got assigned CVE-2019-14274.
7 years ago
Frederic Cambus posted a comment on ticket #13

The first issue (L2514) got assigned CVE-2019-14274.
7 years ago
Frederic Cambus created ticket #52

Stack-based Buffer Overflow in the calc_arrow() function
7 years ago
Frederic Cambus posted a comment on ticket #13

So, ASan calls both issues overflows, but only the first issue (L2514) is technically an actual buffer-overflow, the second issue (L2466) is actually an out-of-bounds read.
7 years ago
Frederic Cambus created ticket #13

Multiple Heap-based Buffer Overflow in the do_msg() function
7 years ago
Frederic Cambus created ticket #12

Heap-based Buffer Overflow in the parse_line() function
7 years ago
Frederic Cambus posted a comment on ticket #11

Attached the wrong file, here is the reproducer.
7 years ago
Frederic Cambus created ticket #11

Heap-based Buffer Overflow in the get_line() function
8 years ago
Frederic Cambus committed [7541a8]

Allow building on OpenBSD
1 decade ago
Frederic Cambus committed [3afc09]

Fixing compilation errors on NetBSD

Frederic Cambus Activity

Activity for Frederic Cambus

Frederic Cambus posted a comment on ticket #10

Frederic Cambus posted a comment on ticket #9

Frederic Cambus posted a comment on ticket #8

Frederic Cambus posted a comment on ticket #67

Frederic Cambus created ticket #67

Frederic Cambus created ticket #10

Frederic Cambus created ticket #9

Frederic Cambus created ticket #8

Frederic Cambus posted a comment on ticket #55

Frederic Cambus posted a comment on ticket #55

Frederic Cambus created ticket #55

Frederic Cambus posted a comment on ticket #587

Frederic Cambus posted a comment on ticket #586

Frederic Cambus created ticket #587

Frederic Cambus created ticket #586

Frederic Cambus posted a comment on ticket #8

Frederic Cambus posted a comment on ticket #7

Frederic Cambus posted a comment on ticket #6

Frederic Cambus created ticket #8

Frederic Cambus created ticket #7

Frederic Cambus created ticket #6

Frederic Cambus posted a comment on ticket #584

Frederic Cambus created ticket #584

Frederic Cambus posted a comment on ticket #583

Frederic Cambus created ticket #583

Frederic Cambus posted a comment on ticket #582

Frederic Cambus posted a comment on ticket #582

Frederic Cambus created ticket #582

Frederic Cambus posted a comment on ticket #581

Frederic Cambus created ticket #581

Frederic Cambus posted a comment on ticket #52

Frederic Cambus modified a comment on ticket #13

Frederic Cambus posted a comment on ticket #13

Frederic Cambus created ticket #52

Frederic Cambus posted a comment on ticket #13

Frederic Cambus created ticket #13

Frederic Cambus created ticket #12

Frederic Cambus posted a comment on ticket #11

Frederic Cambus created ticket #11

Frederic Cambus committed [7541a8]

Frederic Cambus committed [3afc09]