Control: tags -1 security
Control: severity -1 important
Hi!
On Sat, 2014-12-27 at 12:53:30 +0100, Jakub Wilk wrote:
> Package: arj
> Version: 3.10.22-12
> Usertags: afl
> ARJ crashes on the attached (slightly corrupted) ARJ file:
>
> $ arj t crash.arj
> ARJ32 v 3.10, Copyright (c) 1998-2004, A
* Jakub Wilk , 2014-12-27, 12:53:
This bug was found using American fuzzy lop:
https://packages.debian.org/experimental/afl
Disclaimer: I don't have spare CPU cycles, so I fuzzed only till the
first crash (which took a few minutes at most). It's likely that
extensive fuzzing would discover mo
Package: arj
Version: 3.10.22-12
Usertags: afl
ARJ crashes on the attached (slightly corrupted) ARJ file:
$ arj t crash.arj
ARJ32 v 3.10, Copyright (c) 1998-2004, ARJ Software Russia. [08 Aug 2014]
Processing archive: crash.arj
Archive created: 2014-12-27 10:40:05, modified: 2014-12-27 10:40:05
3 matches
Mail list logo
