Pages - Menu

Tuesday, February 3, 2015

Iceweasel 18.0.1 xulrunner-18.0/libxul.so Stack Corruption Vulnerability

Title : Iceweasel 18.0.1 xulrunner-18.0/libxul.so Stack Corruption Vulnerability
Discoverer: Cihat YILDIZ (@cihatix)
Web page : www.binarysniper.net
Test: Debian Linux 3.7 SMP Kali 6
Platform: x64
Status: Not Fixed
Severity: Medium

Discovered : 25 December 2014
Reported :      2 February  2015
Published :     February  2015

Crasher: crasher.pdf
Fuzzing Offset: 280866  (20 30 30 30->FF FF FF FF)

GDB Exploitable Log:


Evince 3.10.3 Crashed with SIGABRT in __kernel_vsyscall()

Title : Evince 3.10.3 Crashed with SIGABRT in __kernel_vsyscall()
Discoverer: Cihat YILDIZ (@cihatix)
Web page : www.binarysniper.net
Test: Ubuntu 14.04.LTS
Status: Fixed in Poppler_0.31
Severity: Medium

Discovered : 25 December 2014
Reported :      2 February  2015
Published :     February  2015

Ubuntu ID: 1417561
FreeDesktop Bugzilla ID: 88990
Crasher: crasher.pdf

GDB Log: