List the real world programs evaluated in fuzzing papers.

Fuzzing Benchmark - Real world programs

TODO: count #CVE

Dowser - Dowsing for Overflows: A Guided Fuzzer to Find Buffer Boundary Violations

  • nginx
  • ffmpeg
  • inspircd
  • poppler (libpoppler)
  • libpoppler
  • libexif
  • snort

MAYHEM - Unleashing Mayhem on Binary Code

  • a2ps
  • aeon
  • aspell
  • atphttpd
  • freeradius
  • ghostscript
  • glftpd
  • gnugol
  • htget
  • htpasswd
  • iwconfig
  • mbse-bbs
  • ncompress
  • orzhttpd
  • psutils
  • rsync
  • sharutils
  • socat
  • squirrel mail
  • tipxd
  • xgalaga
  • xtokkaetama

FuzzSim - Scheduling Black-box Mutational Fuzzing

  • ffmpeg
  • 100 different Linux applications (unknown)

COVERSET - Optimizing Seed Selection for Fuzzing

  • xpdf
  • mupdf
  • pdf2svg (libpoppler)
  • libpoppler
  • ffmpeg
  • mplayer
  • mp3gain
  • eog
  • convert
  • gif2png (libpng)
  • libpng
  • jpegtran (libjpeg)
  • libjpeg

SYMFUZZ - Program-Adaptive Mutational Fuzzing

  • abcm2ps
  • autotrace
  • bib2xml
  • catdvi
  • figtoipe
  • gif2png (libpng)
  • libpng
  • pdf2svg (libpoppler)
  • libpoppler
  • mupdf

MutaGen - Turning Programs Against Each Other: High Coverage Fuzz-testing Using Binary-code Mutation and Dynamic Slicing

  • avconv
  • convert
  • nconvert
  • pdftocairo
  • mudraw
  • mupdf
  • pdftops
  • ps2pdf
  • inkscape

AFLFast - Coverage-based Greybox Fuzzing as Markov Chain

  • nm (binutils)
  • objdump (binutils)
  • strings (binutils)
  • size (binutils)
  • c++filt (binutils)
  • binutils

SeededFuzz - Selecting and Generating Seeds for Directed Fuzzing

  • mpeg3dump (libmpeg3)
  • libmpeg3
  • png2swf (swftools)
  • gif2swf (swftools)
  • swftools
  • cjpeg (libjpeg)
  • libjpeg
  • speexenc

VUzzer - Application-aware Evolutionary Fuzzing

  • mpg321 (libasound)
  • libasound
  • gif2png (libpng)
  • libpng
  • pdf2svg (libpoppler)
  • libpoppler
  • tcpdump (libpcap)
  • tcptrace (libpcap)
  • libpcap
  • djpeg (libjpeg)
  • libjpeg

Steelix - Program-State Based Binary Fuzzing

  • tiff2pdf (libtiff)
  • tiffcp (libtiff)
  • libtiff
  • pngfix (libpng)
  • libpng
  • gzip
  • tcpdump (libpcap)
  • libpcap

Skyfire - Data-Driven Seed Generation for Fuzzing

  • Sablotron
  • libxslt
  • libxml2
  • JavaScript engine in Internet Explorer

kAFL - Hardware-Assisted Feedback Fuzzing for OS Kernels

  • Windows
  • Linux
  • macOS

DIFUZE - Interface Aware Fuzzing for Kernel Drivers

  • ioctl handlers

Orthrus - Static Program Analysis as a Fuzzing Aid

  • c-ares
  • libxml2
  • openssl
  • nDPI
  • tcpdump (libpcap)
  • libpcap
  • woff2

Chizpurfle - A Gray-Box Android Fuzzer for Vendor Service Customizations

  • Android services

VDF - Targeted Evolutionary Fuzz Testing of Virtual Devices

  • Virtual devices

IMF - Inferred Model-based Fuzzer

  • macOS API

NEZHA - Efficient Domain-Independent Differential Testing

  • openssl
  • libressl
  • boringssl
  • wolfssl
  • mbedtls
  • gnutls
  • binutils (libbfd)
  • clamav (libclamav)
  • xzutils
  • evince
  • mupdf
  • xpdf

S2F - Discover Hard-to-Reach Vulnerabilities by Semi-Symbolic Fuzz Testing

  • readelf (binutils)
  • objdump (binutils)
  • binutils
  • djpeg (libjpeg)
  • libjpeg
  • gzip
  • ffmpeg
  • tcpdump (libpcap)
  • libpcap
  • capstone
  • gif2png (libpng)
  • libpng

FairFuzz - Targeting Rare Branches to Rapidly Increase Greybox Fuzz Testing Coverage

  • tcpdump (libpcap)
  • libpcap
  • nm (binutils)
  • objdump (binutils)
  • readelf (binutils)
  • c++filt (binutils)
  • binutils
  • mutool draw (mupdf)
  • mupdf
  • xmllint (libxml2)
  • libxml2
  • djpeg (libjpeg)
  • libjpeg
  • readpng (libpng)
  • libpng

Angora - Efficient Fuzzing by Principled Search

  • file
  • jhead
  • xmlwf (expat)
  • expat
  • djpeg (libjpeg)
  • libjpeg
  • readpng (libpng)
  • libpng
  • nm (binutils)
  • objdump (binutils)
  • size (binutils)
  • binutils

T-Fuzz - Fuzzing by Program Transformation

  • pngfix (libpng)
  • libpng
  • tiffinfo (libtiff)
  • libtiff
  • ImageMagick
  • pdftohtml (libpoppler)
  • libpoppler

MEDS - Enhancing Memory Error Detection for Large-Scale Applications and Fuzz Testing

  • chrome
  • firefox
  • apache
  • nginx
  • PHP7
  • lci
  • picoc
  • ImageMagick
  • wren
  • espruino
  • tinyvm
  • raptor
  • swftools
  • exifprobe
  • metacam
  • jhead

CollAFL - Path Sensitive Fuzzing

  • catdoc
  • tiff2pdf (libtiff)
  • tiff2ps (libtiff)
  • tiffset (libtiff)
  • libtiff
  • listswf (libming)
  • libming
  • objdump (binutils)
  • nm (binutils)
  • binutils
  • tcpdump (libpcap)
  • libpcap
  • exiv2
  • vim
  • nasm
  • libncurses
  • clamav (libclamav)
  • libav
  • libtorrent
  • libpspp
  • libsass
  • libdwarf
  • bison
  • cflow

NEUZZ - Efficient Fuzzing with Neural Program Smoothing

  • readelf (binutils)
  • harfbuzz
  • libjpeg
  • mupdf
  • libxml
  • nm (binutils)
  • objdump (binutils)
  • size (binutils)
  • strip
  • zlib
  • binutils

Full-speed Fuzzing: Reducing Fuzzing Overhead through Coverage-guided Tracing

  • bsdtar (libarchive)
  • libarchive
  • cer-basic (libksba)
  • libksba
  • cjson
  • djpeg (libjpeg)
  • libjpeg
  • pdftohtml (libpoppler)
  • libpoppler
  • readelf (binutils)
  • binutils
  • sfconvert (audiofile)
  • audiofile
  • tcpdump (libpcap)
  • libpcap

REDQUEEN: Fuzzing with Input-to-State Correspondence

  • ar (binutils)
  • size (binutils)
  • c++filt (binutils)
  • strings (binutils)
  • nm (binutils)
  • objdump (binutils)
  • readelf (binutils)
  • as (binutils)
  • binutils
  • gprof
  • tiff2ps (libtiff)
  • libtiff
  • jhead
  • fdk-aac
  • ImageMagick
  • wine
  • mruby
  • sam2p
  • bash
  • libxml2
  • perl

NAUTILUS: Fishing for Deep Bugs with Grammars

  • mruby
  • PHP
  • Lua
  • ChakraCore

Smart Greybox Fuzzing

  • mpg321
  • gif2png (libpng)
  • libpng
  • pdf2svg (libpoppler)
  • libpoppler
  • tcpdump (libpcap)
  • tcptrace (libpcap)
  • libpcap
  • djpeg (libjpeg)
  • libjpeg

Qsym: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing

  • libjpeg
  • libpng
  • libtiff
  • lepton
  • openjpeg
  • tcpdump (libpcap)
  • libpcap
  • file
  • libarchive
  • audiofile
  • ffmpeg
  • binutils

TIFF: Using Input Type Inference To Improve Fuzzing

  • mpg321 (libasound)
  • libasound
  • pdf2svg (libpoppler)
  • libpoppler
  • jbig2dev (libjbig2dev)
  • potrace (libpotrace)
  • gif2png (libpng)
  • libpng
  • tcptrace (libpcap)
  • libpcap
  • autotrace (libautotrace)
  • pdftocairo (libcairo)
  • convert (libGraphicsMagick)