# 1.NULL pointer dereference

## env

ubuntu20.04
gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.1)
swfdump - part of swftools 0.9.2

## sample

[poc_SEGV_swf_FontExtract_DefineTextCallback](https://github.com/keepinggg/poc/blob/main/poc_of_swfdump/poc_SEGV_swf_FontExtract_DefineTextCallback)

## crash

```
./swfdump -D poc_SEGV_swf_FontExtract_DefineTextCallback
==963719==ERROR: AddressSanitizer: SEGV...
```

# 1.heap-buffer-overflow

## env

ubuntu20.04
gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.1)
swfrender - part of swftools 0.9.2

## sample

[id7_heap-buffer-overflow.zip](https://github.com/keepinggg/poc/blob/main/poc_of_swfrender/id7_heap-buffer-overflow.zip)

## crash

```
./swfrender id7_heap-buffer-overflow -o /dev/null
==1106906==ERROR: AddressSanitizer: heap-buffer-overflow on...
```

# heap-buffer-overflow

## env

ubuntu20.04
gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.1)
swfdump - part of swftools 0.9.2

## sample

[poc.zip](https://github.com/keepinggg/poc/blob/main/poc_of_swfdump/poc)

## crash

```
./swfdump -D poc
==2946990==ERROR: AddressSanitizer: heap-buffer-overflow on address...
```

# SEGV

## env

ubuntu20.04
gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.1)
ttftool - part of swftools 0.9.2

## sample

[poc.zip](https://github.com/matthiaskramm/swftools/files/10101243/poc.zip)

## crash

```
./ttftool poc1
AddressSanitizer:DEADLYSIGNAL
=================================================================
==3017452==ERROR: AddressSanitizer: SEGV on...
```

# SEGV

## env

ubuntu20.04
gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.1)
XPDF commit ffaf11c

## sample

[id189.zip](https://github.com/jhcloos/xpdf/files/10868398/id189.zip)

## reproduce

```
CFLAGS="-g -fsanitize=address" CXXFLAGS="-g -fsanitize=address" LDFLAGS="-g -fsanitize=address" ./configure
make
./pdftotext poc
```

...

Hi, I found some vulnerabilities in lunasvg with a fuzz testing tool, as follows:

# 1.FPE

## env

ubuntu22.04
gcc (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0
svg2png - lunasvg(v2.3.9)

## sample

[FPE_at_canvas](https://github.com/keepinggg/poc/blob/main/poc_of_lunasvg/FPE_at_canvas)

## crash...

# 1.memory leak

## env

ubuntu20.04
gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.1)
swfc - part of swftools 0.9.2

## sample

[memory_leak1](https://github.com/keepinggg/poc/blob/main/poc_of_swfc/memory_leak1)

## crash

```
./swfc memory_leak1
output.swf:2:4: warning: Couldn't resolve 'str',...
```