Skip to content

PDF fuzzing and Adobe Reader 9.5.1 and 10.1.3 multiple critical vulnerabilities

Ten post nie jest dostępny w języku polskim!

{ 4 } Comments

  1. Hanno | 14-sie-12 at 14:00:40 | Permalink

    Have you tried the same fuzzing samples on poppler? It’d be interesting how it performs compared to other implementations.

  2. Fernando | 14-sie-12 at 18:15:45 | Permalink

    +1 on running it on evince/poppler

  3. j00ru | 15-sie-12 at 01:39:27 | Permalink

    @Hanno, @Fernando: We had the same idea and found a large stack of memory errors a few months ago. Unfortunately, the poppler developers don’t seem to rush to fix them: http://cgit.freedesktop.org/poppler/poppler/log/?qt=grep&q=j00ru.

  4. John | 21-sty-16 at 18:36:13 | Permalink

    What kind of fuzzer did you use to discover adobe reader vulnerability?

{ 35 } Trackbacks

  1. […] piszą badacze, ponad 1,500 corów pracowało przez kilka tygodni, dostarczając do testowanej aplikacji szereg […]

  2. […] a some-more technical credentials on a Adobe Reader vulnerabilities, take a demeanour during a blog post by Mateusz Jurczyk and Gynvael […]

  3. […] апдейта в Acrobat Reader остались «десятки уязвимостей», говорят специалисты из Google. Двое исследователей безопасности Матеуш Юржик (Mateusz […]

  4. […] A Adobe liberou uma nova versão para o Reader na terça-feira (14/8), na qual foram corrigidas cerca de 20 falhas das versões para Mac e Windows. Apesar do número elevado de defeitos abordados nos patches, outras vulnerabilidades continuaram intocadas, de acordo com uma análise feita por Mateusz Jurczyk e Gynvael Coldwind, do Google. […]

  5. […] A Adobe liberou uma nova versão para o Reader na terça-feira (14/8), na qual foram corrigidas cerca de 20 falhas das versões para Mac e Windows. Apesar do número elevado de defeitos abordados nos patches, outras vulnerabilidades continuaram intocadas, de acordo com uma análise feita por Mateusz Jurczyk e Gynvael Coldwind, do Google. […]

  6. […] A Adobe liberou uma nova versão para o Reader na terça-feira (14/8), na qual foram corrigidas cerca de 20 falhas das versões para Mac e Windows. Apesar do número elevado de defeitos abordados nos patches, outras vulnerabilidades continuaram intocadas, de acordo com uma análise feita por Mateusz Jurczyk e Gynvael Coldwind, do Google. […]

  7. […] Mateusz Jurczyk and Gynvael Coldwind have asserted that back in June, they reported 46 reproducible crashes in Reader to Adobe. Earlier this week, Adobe released new versions of Reader for Windows and Mac OS X that […]

  8. […] A Adobe liberou uma nova versão para o Reader na terça-feira (14/8), na qual foram corrigidas cerca de 20 falhas das versões para Mac e Windows. Apesar do número elevado de defeitos abordados nos patches, outras vulnerabilidades continuaram intocadas, de acordo com uma análise feita por Mateusz Jurczyk e Gynvael Coldwind, do Google. […]

  9. […] Mateusz Jurczyk and Gynvael Coldwind have asserted that back in June, they reported 46 reproducible crashes in Reader to Adobe. Earlier this week, Adobe released new versions of Reader for Windows and Mac OS X that […]

  10. […] Mateusz Jurczyk and Gynvael Coldwind have asserted that back in June, they reported 46 reproducible crashes in Reader to Adobe. Earlier this week, Adobe released new versions of Reader for Windows and Mac OS X that […]

  11. […] Jurczyk和Gynvael冷风的谷歌宣称,早在六月,他们46重现崩溃到Adobe Reader中。本周早些时候,Adobe发布了用于Windows和Mac OS […]

  12. […] Mateusz Jurczyk and Gynvael Coldwind have asserted that behind in June, they reported 46 reproducible crashes in Reader to Adobe. Earlier this week, Adobe expelled new versions of Reader for Windows and Mac OS X that […]

  13. […] weitere Aktualisierung für Reader vor dem 27. August, schreiben Jurczyk und Coldwind in einem Blogeintrag. Deswegen hätten sie sich entschlossen, mit den Informationen an die Öffentlichkeit zu gehen. […]

  14. […] keine weitere Aktualisierung für Reader vor dem 27. August, schreiben Jurczyk und Coldwind in einemBlog. Deswegen hätten sie sich entschlossen, mit den Informationen an die Öffentlichkeit zu gehen. […]

  15. […] Mateusz Jurczyk and Gynvael Coldwind have asserted that back in June, they reported 46 reproducible crashes in Reader to Adobe. Earlier this week, Adobe released new versions of Reader for Windows and Mac OS X that […]

  16. […] сотрудников компании Google предупредили пользователей Linux об опасности использования […]

  17. […] addressed in a patches, a series of vicious vulnerabilities remained untouched, according to an analysis expelled on Wednesday by Mateusz Jurczyk and Gynvael Coldwind of […]

  18. […] addressed in the patches, a number of serious vulnerabilities remained untouched, according to an analysis released on Wednesday by Mateusz Jurczyk and Gynvael Coldwind of […]

  19. […] addressed in the patches, a number of serious vulnerabilities remained untouched, according to an analysis released on Wednesday by Mateusz Jurczyk and Gynvael Coldwind of […]

  20. […] wurden einige Sicherheitslücken nicht geschlossen. Darauf weisen zwei Google-Mitarbeiter in einem Blog-Artikel […]

  21. […] сотрудников компании Google предупредили пользователей Linux об опасности использования […]

  22. […] el último boletín solo se corrigen alrededor de 25 de estos fallos en sus 12 CVEs. Así, los investigadores concluyen que existen unos 16 problemas no corregidos aún, que podrían representar quizás unas 8 […]

  23. […] addressed in the patches, a number of serious vulnerabilities remained untouched, according to an analysis released on Wednesday by Mateusz Jurczyk and Gynvael Coldwind of […]

  24. […] el último boletín solo se corrigen alrededor de 25 de estos fallos en sus 12 CVEs. Así, los investigadores concluyen que existen unos 16 problemas no corregidos aún, que podrían representar quizás unas 8 […]

  25. […] http://j00ru.vexillium.org/?p=1175 […]

  26. […] los investigadores concluyen que existen unos 16 problemas no corregidos aún, que podrían representar quizás unas 8 vulnerabilidades graves (puesto que 25 problemas […]

  27. […] PDF fuzzing and Adobe Reader 9.5.1 and 10.1.3 multiple critical vulnerabilities http://j00ru.vexillium.org/?p=1175 Fuzzing at scale http://googleonlinesecurity.blogspot.ch/2011/08/fuzzing-at-scale.html APSB12-16: […]

  28. […] A Adobe liberou uma nova versão para o Reader na terça-feira (14/8), na qual foram corrigidas cerca de 20 falhas das versões para Mac e Windows. Apesar do número elevado de defeitos abordados nos patches, outras vulnerabilidades continuaram intocadas, de acordo com uma análise feita por Mateusz Jurczyk e Gynvael Coldwind, do Google. […]

  29. […] сотрудников компании на Google предупреждать Linux пользователей об опасности с помощью приложения […]

  30. […] five months ago, Gynvael Coldwind and I wrote about an effort to improve the security of popular PDF parsing and rendering software; back then, […]

  31. […] From Google’s security team blog: […]

  32. […] based on knowledge derived from binary diffing of the old and newly patched Windows builds,” Mateusz Jurczyk and Gynvael Coldwind of Google wrote in an analysis of the […]

  33. […] les chercheurs en sécurité pourront découvrir. Vous vous souvenez lorsqu’en 2012 Google utilisait sa technologie aléatoire pour s’intéresser à Adobe Reader ? Utilisez-vous la visionneuse de […]

  34. […] instances of our fuzzing efforts and their results have been documented in the past, see e.g. the “PDF fuzzing and Adobe Reader 9.5.1 and 10.1.3 multiple critical vulnerabilities”, “PDF Fuzzing Fun Continued: Status Update” or recent “FFmpeg and a thousand […]

  35. […] PDF fuzzing and Adobe Reader 9.5.1 and 10.1.3 multiple critical vulnerabilities http://j00ru.vexillium.org/?p=1175 […]

Post a Comment

Your email is never published nor shared. Required fields are marked *