tags: variant_analysis, codeQL, heap_overflow
original link: Finding Vulnerability Variants at Scale
newsletter link: exploits.club Weekly Newsletter 43 - Variant Analysis at Scale, SD Card Driver Bugs, TTE Trends, And More


Exploits Club Summary:

A fun new blog post on variant analysis at scale from @0xFBFBFBFB via Blackwing Intelligence's blog. The post starts by discussing a vulnerability he identified by fuzzing an old library called jpeg-recompress during a security audit of a large project. The bug itself is an integer overflow whose result is then used as part of a buffer size calculation, leading to a heap overflow. The bug was the result of improper usage of a function in libjpeg, likely due to some confusion surrounding the documentation. Because of this, 0xFBFBFBFB reasoned that other projects may have fallen victim to the same pattern, so he went on the hunt. He first used BigQuery against the bigquery-public-data.github_repos dataset. Of the 10,440 repos that came back, he then checked which ones had pre-compiled CodeQL databases, and from there identified 104 other codebases that were potentially vulnerable. The post ends with a chart of the affected software, including some heavy hitters like Chromium and WINE.
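As an added illustration of the bug class the post describes, not code from jpeg-recompress or from the post itself, here is the wrapping 32-bit buffer-size calculation beside a hardened version that computes in size_t and rejects overflow; the function names and the width/height/components parameters are assumed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Constructed example (not jpeg-recompress's code): a pixel buffer size
 * derived from decoder-reported dimensions, as in the bug class above. */

/* Vulnerable pattern: the product is evaluated in 32-bit arithmetic and
 * silently wraps, so the allocation can be far smaller than the pixel data
 * that is later written into it, which is the heap overflow. */
uint32_t unsafe_buffer_size(uint32_t width, uint32_t height, uint32_t components) {
    return width * height * components;
}

/* Hardened pattern: compute in size_t and refuse any size that would
 * overflow. Returns 0 (never a valid pixel buffer size) on overflow or on a
 * zero dimension, so callers have a single rejection value to check. */
size_t safe_buffer_size(uint32_t width, uint32_t height, uint32_t components) {
    if (width == 0 || height == 0 || components == 0) return 0;
    if ((size_t)width > SIZE_MAX / height) return 0;
    size_t area = (size_t)width * height;
    if (area > SIZE_MAX / components) return 0;
    return area * components;
}

/* Allocate a pixel buffer with the checked size, or return NULL when the
 * dimensions were rejected; this is the point where the unsafe version
 * would have handed malloc a wrapped, undersized value. */
unsigned char *alloc_pixels(uint32_t width, uint32_t height, uint32_t components) {
    size_t n = safe_buffer_size(width, height, components);
    return n ? malloc(n) : NULL;
}

/* Detection helper: does the 32-bit calculation wrap for these dimensions?
 * Each intermediate product here fits in 64 bits, so the check is exact. */
int unsafe_size_wraps(uint32_t width, uint32_t height, uint32_t components) {
    uint64_t area = (uint64_t)width * height;
    if (area > UINT32_MAX) return 1;
    return area * components > UINT32_MAX;
}
```

For a 65536x65536 RGB image the unsafe calculation yields 0, so the allocation would be empty while the decoder proceeds to write 12 GiB of pixels into it.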