@hanno I think ghostscript has been neglected by fuzzers (perhaps people don't realize how easy it is to reach remotely?). Help appreciated!
-
-
Replying to @taviso
last time I checked they still had a bunch of issues unfixed from what
@gynvael did in 2013 http://bugs.ghostscript.com/buglist.cgi?component=fuzzing&query_format=advanced&resolution= …---1 reply 0 retweets 1 like -
seems the 2013 issues are fixed now, but someone else has fuzzed a lot in 2015.
1 reply 0 retweets 0 likes -
ok, maybe it wasn't
@gynvael - but 120 unfixed fuzzing issues (without the sample files in the tracker...)1 reply 0 retweets 0 likes -
It doesn't look good, but i've found them responsive - maybe they need help minimizing and simplifying testcases.
1 reply 0 retweets 1 like -
it's also tough to tell from those bugs which ones are security issues, imo they should publish the testcases to get help.
1 reply 0 retweets 0 likes
That sounds ridiculous, maybe you could fuzz it properly? :-)
-
-
the current ghostscript ps parser survived half an hour of afl without crashes, that's better than I expected :-)
0 replies 1 retweet 3 likesThanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.