Closed liode1s closed 1 year ago
Can you try again from head?
Of course, I use the timg-2e9414e668144bbe0afc074dac17b74ef4acfdcf branch to compile and run the fuzz seed. There is no crash behavior.
/timg ~/Desktop/sixel/output1/crashes/2023-08-16_15:48:42_0:30:07.094816_CLI-1-AFLPP_b439ea3b32235899c6d7f67332025a82.cov
▗
Thanks. Then can I request a CVE?
Fixed in v1.5.2. If you think it can be exploited, file a CVE and point to this bug and the new version as containing the fix.
According to the Debian Security Team, this has been assigned CVE-2023-40968
Thanks Tobi. Updated the 1.5.2 release to contain a link to upstream https://nvd.nist.gov/vuln/detail/CVE-2023-40968
Unfortunately, the original CVE mentioned 1.5.2 as being vulnerable, even though it is the one fixing it.
It seems that the CVE has been registered through MITRE, so they might be able to correct the version information: https://cveform.mitre.org/
Thanks for the link. I've submitted a request to change the description to mention v1.5.1 and before instead.
I use afl++ to fuzz this program.
Then build afl++ and run this PoC.