Posts

Showing posts from June 2017

lrzip: stack buffer overflow in get_fileinfo

Description

lrzip is a compression utility that excels at compressing large files (usually > 10-50 MB). Larger files and/or more free RAM mean that the utility can compress your files more effectively (i.e. faster / smaller size), especially if the file size exceeds 100 MB. You can choose to optimise for either speed (fast compression / decompression) or size, but not both.

A stack buffer overflow was found in the function get_fileinfo in lrzip.c, which allows attackers to cause a denial of service via a crafted file.

#lrzip -i $FILE
stack-buffer-overflow on address 0x7fff0e9e9038 at pc 0x7f8ece5fb795 bp 0x7fff0e9e8da0 sp 0x7fff0e9e8550
WRITE of size 10 at 0x7fff0e9e9038 thread T0
    #0 0x7f8ece5fb794 in __interceptor_read ../../../../libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:545
    #1 0x413f27 in get_fileinfo /home/haojun/Downloads/lrzip-master/lrzip.c:1074
    #2 0x409ee1 in main /home/haojun/Downloads/lrzip-master/main.c:671

lrzip: stack buffer overflow in get_fileinfo

Description

lrzip is a compression utility that excels at compressing large files (usually > 10-50 MB). Larger files and/or more free RAM mean that the utility can compress your files more effectively (i.e. faster / smaller size), especially if the file size exceeds 100 MB. You can choose to optimise for either speed (fast compression / decompression) or size, but not both.

A stack buffer overflow was found in the function get_fileinfo in lrzip.c, which allows attackers to cause a denial of service via a crafted file.

#lrzip -i $FILE
stack-buffer-overflow on address 0x7fffdd1d38b8 at pc 0x7fcd199a9795 bp 0x7fffdd1d3620 sp 0x7fffdd1d2dd0
WRITE of size 65 at 0x7fffdd1d38b8 thread T0
    #0 0x7fcd199a9794 in __interceptor_read ../../../../libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:545
    #1 0x412cf0 in get_fileinfo /home/haojun/Downloads/lrzip-master/lrzip.c:979
    #2 0x409ee1 in main /home/haojun/Downloads/lrzip-master/main.c:671

Poppler: stack buffer overflow in GfxImageColorMap::getGray

Description

Poppler is a PDF rendering library based on the xpdf-3.0 code base.

A stack buffer overflow was found in the function GfxImageColorMap::getGray in GfxState.cc, which allows attackers to cause a denial of service via a crafted file.

#pdfimages $FILE out
==88072==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fffef185eb1 at pc 0x0000004fd590 bp 0x7fffef185cd0 sp 0x7fffef185cc8
READ of size 1 at 0x7fffef185eb1 thread T0
    #0 0x4fd58f in GfxImageColorMap::getGray(unsigned char*, int*) /home/haojun/Downloads/testopensourcecode/poppler/poppler/GfxState.cc:6064
    #1 0x408407 in ImageOutputDev::writeImageFile(ImgWriter*, ImageOutputDev::ImageFormat, char const*, Stream*, int, int, GfxImageColorMap*) /home/haojun/Downloads/testopensourcecode/poppler/utils/ImageOutputDev.cc:386
    #2 0x40a557 in ImageOutputDev::writeImage(GfxState*, Object*, Stream*, int, int, GfxImageColorMap*, bool) /home/haojun/Downloads/testopensourcecode/poppler/utils/Imag

LibTIFF: heap buffer overflow in PSDataColorContig

Description

LibTIFF provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.

A heap buffer overflow was found in the function PSDataColorContig in tiff2ps.c, which allows attackers to cause a denial of service via a crafted file.

#tiff2ps $FILE
=================================================================
==88810==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60b00000affe at pc 0x00000040c824 bp 0x7ffc07c5cd00 sp 0x7ffc07c5ccf8
READ of size 1 at 0x60b00000affe thread T0
    #0 0x40c823 in PSDataColorContig /home/haojun/Downloads/testopensourcecode/tiff-4.0.7/tools/tiff2ps.c:2487
    #1 0x40ba1d in PSpage /home/haojun/Downloads/testopensourcecode/tiff-4.0.7/tools/tiff2ps.c:2347
    #2 0x4087ce in TIFF2PS /home/haojun/Downloads/testopensourcecode/tiff-4.0.7/tools/tiff2ps.c:1606
    #3 0

LibTIFF: heap buffer overflow in combineSeparateSamples24bits

Description

LibTIFF provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.

A heap buffer overflow was found in the function combineSeparateSamples24bits in tiffcrop.c, which allows attackers to cause a denial of service via a crafted file.

#tiffcrop $FILE out.tif
=================================================================
==72026==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62000000fff4 at pc 0x000000410c4b bp 0x7ffe43d35e30 sp 0x7ffe43d35e28
READ of size 1 at 0x62000000fff4 thread T0
    #0 0x410c4a in combineSeparateSamples24bits /home/haojun/Downloads/testopensourcecode/tiff-4.0.7/tools/tiffcrop.c:4021
    #1 0x4157c8 in readSeparateStripsIntoBuffer /home/haojun/Downloads/testopensourcecode/tiff-4.0.7/tools/tiffcrop.c:4889
    #2 0x41ebcb in loadImage /home/haojun/Downloads/t

LibTIFF: heap buffer overflow in combineSeparateSamples32bits

Description

LibTIFF provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.

A heap buffer overflow was found in the function combineSeparateSamples32bits in tiffcrop.c, which allows attackers to cause a denial of service via a crafted file.

#tiffcrop $FILE out.tif
=================================================================
==56543==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61600000fbda at pc 0x00000041171b bp 0x7ffecd216d00 sp 0x7ffecd216cf8
READ of size 1 at 0x61600000fbda thread T0
    #0 0x41171a in combineSeparateSamples32bits /home/haojun/Downloads/testopensourcecode/tiff-4.0.7/tools/tiffcrop.c:4148
    #1 0x4158e6 in readSeparateStripsIntoBuffer /home/haojun/Downloads/testopensourcecode/tiff-4.0.7/tools/tiffcrop.c:4901
    #2 0x41ebcb in loadImage /home/haojun/Downloads/t

LibTIFF: allocation failed in _TIFFmalloc

Description

LibTIFF provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.

A memory allocation failure was found in the function _TIFFmalloc in tif_unix.c, which allows attackers to cause a denial of service via a crafted file.

#tiff2pdf $FILE -o out.pdf
failed to allocate
==8088==ERROR: AddressSanitizer failed to allocate 0x7800e3000 (32213184512) bytes of LargeMmapAllocator (error code: 12)
==8088==Process memory map follows:
    0x000000400000-0x000000548000   /home/haojun/Downloads/testopensourcecode/tiff-4.0.7_build/bin/tiff2pdf
    0x000000747000-0x000000748000   /home/haojun/Downloads/testopensourcecode/tiff-4.0.7_build/bin/tiff2pdf
    0x000000748000-0x000000760000   /home/haojun/Downloads/testopensourcecode/tiff-4.0.7_build/bin/tiff2pdf
    0x00007fff7000-0x00008fff7000
    0x00008fff7000