How fuzzing F3D’s 3D file parser with a dictionary-based libFuzzer harness found four memory corruption vulnerabilities in VTK’s GLTF document loader — two use-after-frees, a heap buffer overflow, and a buffer overread.
How fuzzing F3D’s 3D file parser with a dictionary-based libFuzzer harness found four memory corruption vulnerabilities in VTK’s GLTF document loader — two use-after-frees, a heap buffer overflow, and a buffer overread.