Uncovering Vulnerabilities In Open Source Libraries (CVE-2019-13499)
ForAllSecure
JANUARY 28, 2020
It is packaged in Debian and in derivative Linux distros such as Ubuntu. From a glimpse at the code, documentation, and project page, we have found a good candidate target to fuzz, namely the PSD parser inside of FreeImage. PSD is a notoriously difficult format to parse, which indicated to me that this is a ripe candidate for fuzzing.
Let's personalize your content