🏆 Bugs & CVEs

The showcase of bugs and CVEs found by UTopia-based fuzzers serves a variety of purposes:

  • Show the effect of the fuzzing automation approach (i.e., UTopia can help find more bugs in projects that are already registered in OSS-Fuzz and are being fuzz tested there)
  • Provide insight into making unit tests that can work well with UTopia (i.e., Fuzzing friendly unit tests)
  • Increase the visibility of various fuzz drivers so that people can learn or improve fuzz driver composing strategies

Note that the merged fuzz drivers are different from the original ones generated by UTopia because they are reviewed and modified by the community.

| Project | Bugs or CVEs | Category | Fuzzer |
|---|---|---|---|
| OpenCV | #21947 | bof | readnetfromtensorflow_fuzzer.cc |
| OpenCV | #21852 | bof | readnetfromtensorflow_fuzzer.cc |
| OpenCV | #21851 | bof | |
| libaom | CVE-2021-30473 | free | |
| libaom | CVE-2021-30474 | bof | |
| libaom | CVE-2021-30475 | nullchk | |
| uriparser | CVE-2021-46141 | nullchk | |
| uriparser | CVE-2021-46142 | nullchk | |
| assimp | #4105 | loop | |
| assimp | #4254 | nullchk | |
| assimp | #4273 | nullchk | |
| assimp | #4274 | nullchk | |
| assimp | #4275 | nullchk | |
| assimp | #4280 | nullchk | |
| assimp | #4281 | nullchk | |
| assimp | #4294 | nullchk | |
| assimp | #4295 | nullchk | |
| assimp | #4296 | free | |
| assimp | #4297 | free | |
| assimp | #4298 | free | |
| assimp | #4299 | free | |
| assimp | #4300 | free | |
| assimp | #4301 | free | |
| assimp | #4302 | free | |
| assimp | #4303 | free | |
| assimp | #4304 | free | |
| assimp | #4305 | free | |
| assimp | #4306 | free | |
| assimp | #4307 | nullchk | |
| assimp | #4308 | nullchk | |
| assimp | #4309 | nullchk | |
| assimp | #4310 | nullchk | |
| libaom | #3187 | arith | |
| libaom | #3188 | bof | |
| libaom | #3190 | nullchk | |
| libaom | #3191 | nullchk | |
| libaom | #3192 | nullchk | |
| libaom | #3195 | bof | |
| libaom | #3197 | nullchk | |
| libaom | #3206 | arith | |
| libaom | #3215 | bof | |
| libaom | #3216 | nullchk | |
| libaom | #3217 | nullchk | |
| libaom | #3218 | nullchk | |
| libaom | #3220 | bof | |
| libaom | #3221 | bof | |

Description of categories:

  • arith: Arithmetic error (e.g., overflows, divide-by-zero)
  • nullchk: Missing nullptr check
  • loop: Infinite loop
  • oom: Out of memory
  • oor: Out of range read
  • oow: Out of range write
  • segfault: Program segfaulted
  • free: Free memory that is not located on the heap
  • type: Wrong type conversion of size
  • bof: Buffer overflow
  • uaf: Use after free
  • other: Anything that does not fit in another category, or unclear what the problem is