We just completed your very first fuzzer; more specifically, your very own BMP file fuzzer. You would probably wonder what such a simple fuzzer could do. Well, you won’t believe it, but Kuickshow (the KDE image/slideshow viewer) version 4:3.5.7-2 is actually vulnerable to one of the BMP files generated by the previous fuzzer.
The vulnerability isn’t an exploitable buffer overflow; rather, it is a form of DoS in which the BMP parser appears to enter an endless loop. If you copied the previous code exactly, data28.bmp is the culprit that causes the endless loop.
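The page does not say which header field drives Kuickshow's loop, but the lesson for anyone writing an image parser is that every size, offset and dimension in a BMP header must be cross-checked against the file length before a row or pixel loop is entered. The following is an added example, not the book's fuzzer or Kuickshow's code: a small Python BMP header validator, with a constructed sample bitmap and a `mutate_field` helper (both hypothetical, for illustration) that corrupts individual header fields the way a mutation fuzzer would. The limits `MAX_DIM` and `MAX_PIXELS` are assumed policy values, not part of the BMP format.

```python
import struct

# BITMAPFILEHEADER: magic, file size, reserved1, reserved2, pixel data offset
FILE_HDR = "<2sIHHI"
# BITMAPINFOHEADER: header size, width, height, planes, bpp, compression,
# image size, x pixels/m, y pixels/m, colours used, important colours
INFO_HDR = "<IiiHHIIiiII"
FILE_HDR_LEN = struct.calcsize(FILE_HDR)   # 14
INFO_HDR_LEN = struct.calcsize(INFO_HDR)   # 40

MAX_DIM = 1 << 15       # assumed sanity limit per axis
MAX_PIXELS = 1 << 26    # assumed sanity limit on total pixel count


def build_bmp(width, height, bpp=24):
    """Construct a minimal, consistent, uncompressed BMP (sample data, not a real file)."""
    stride = ((width * bpp + 31) // 32) * 4        # rows are padded to 4 bytes
    pixels = bytes(stride * abs(height))
    offset = FILE_HDR_LEN + INFO_HDR_LEN
    file_hdr = struct.pack(FILE_HDR, b"BM", offset + len(pixels), 0, 0, offset)
    info_hdr = struct.pack(INFO_HDR, INFO_HDR_LEN, width, height, 1, bpp, 0,
                           len(pixels), 2835, 2835, 0, 0)
    return file_hdr + info_hdr + pixels


def mutate_field(data, field_offset, new_value, fmt="<I"):
    """Overwrite one header field in place, as a mutation fuzzer would (hypothetical helper)."""
    width = struct.calcsize(fmt)
    return data[:field_offset] + struct.pack(fmt, new_value) + data[field_offset + width:]


def check_bmp(data):
    """Return None if the headers are self-consistent, else a string naming the first rejected field.

    Every check below is done before any pixel-row loop would run, so a parser that
    calls this first cannot be driven into a loop by an inconsistent header.
    """
    if len(data) < FILE_HDR_LEN + INFO_HDR_LEN:
        return "truncated header"
    magic, _file_size, _r1, _r2, offset = struct.unpack_from(FILE_HDR, data, 0)
    if magic != b"BM":
        return "bad magic"
    (hsize, width, height, planes, bpp, compression,
     _img_size, _xppm, _yppm, _used, _important) = struct.unpack_from(INFO_HDR, data, FILE_HDR_LEN)
    if hsize < INFO_HDR_LEN:
        return "info header too small"
    # Pixel data must start after the headers and inside the buffer we actually have.
    if offset < FILE_HDR_LEN + hsize or offset > len(data):
        return "pixel offset outside file"
    # Zero or negative width, zero height, or absurd dimensions: a row loop keyed on
    # these values either never terminates or tries to address memory it does not own.
    if width <= 0 or height == 0 or width > MAX_DIM or abs(height) > MAX_DIM:
        return "unreasonable dimensions"
    if width * abs(height) > MAX_PIXELS:
        return "image too large"
    if planes != 1:
        return "bad plane count"
    if bpp not in (1, 4, 8, 16, 24, 32):
        return "unsupported bpp"
    if compression != 0:
        return "compressed bitmaps not accepted by this validator"
    stride = ((width * bpp + 31) // 32) * 4
    if offset + stride * abs(height) > len(data):
        return "pixel data truncated"
    return None


if __name__ == "__main__":
    good = build_bmp(4, 3)
    cases = {
        "well-formed": good,
        "width=0": mutate_field(good, 18, 0, "<i"),            # width field at file offset 18
        "offset=0xFFFFFFFF": mutate_field(good, 10, 0xFFFFFFFF),  # pixel offset field at offset 10
        "height=INT_MIN": mutate_field(good, 22, -(1 << 31), "<i"),
        "truncated": good[:12],
    }
    for name, blob in cases.items():
        print(f"{name:20s} -> {check_bmp(blob) or 'accepted'}")
```

Running the block prints one line per constructed case; only the well-formed bitmap is accepted. The important design choice is that the validator computes the row stride and the total pixel-data size itself and compares them with `len(data)`, rather than trusting the file-size or image-size fields, since those are exactly the bytes a fuzzer will have mangled.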