Jazzer has found the following vulnerabilities and bugs.
As Jazzer is used to fuzz JVM projects in OSS-Fuzz, further findings are listed on the OSS-Fuzz issue tracker.
If you find bugs with Jazzer, we would like to hear from you! Feel free to open an issue or submit a pull request.
| Project | Bug | Status | CVE | found by |
|---|---|---|---|---|
| hsqldb | Remote code execution via prepared statement values | recommended workaround | CVE-2022-41853 | OSS-Fuzz |
| protocolbuffers/protobuf | Small protobuf messages can consume minutes of CPU time | fixed | CVE-2022-3171 | OSS-Fuzz |
| OpenJDK | OutOfMemoryError via a small BMP image | fixed | CVE-2022-21360 | Code Intelligence |
| OpenJDK | OutOfMemoryError via a small TIFF image | fixed | CVE-2022-21366 | Code Intelligence |
| protocolbuffers/protobuf | Small protobuf messages can consume minutes of CPU time | fixed | CVE-2021-22569 | OSS-Fuzz |
| jhy/jsoup | More than 19 Bugs found in HTML and XML parser | fixed | CVE-2021-37714 | Code Intelligence |
| Apache/commons-compress | Infinite loop when loading a crafted 7z | fixed | CVE-2021-35515 | Code Intelligence |
| Apache/commons-compress | OutOfMemoryError when loading a crafted 7z | fixed | CVE-2021-35516 | Code Intelligence |
| Apache/commons-compress | Infinite loop when loading a crafted TAR | fixed | CVE-2021-35517 | Code Intelligence |
| Apache/commons-compress | OutOfMemoryError when loading a crafted ZIP | fixed | CVE-2021-36090 | Code Intelligence |
| Apache/PDFBox | Infinite loop when loading a crafted PDF | fixed | CVE-2021-27807 | Code Intelligence |
| Apache/PDFBox | OutOfMemoryError when loading a crafted PDF | fixed | CVE-2021-27906 | Code Intelligence |
| netplex/json-smart-v1 netplex/json-smart-v2 | JSONParser#parse throws an undeclared exception | fixed | CVE-2021-27568 | @GanbaruTobi |
| OWASP/json-sanitizer | Output can contain</script> and ]]>, which allows XSS | fixed | CVE-2021-23899 | Code Intelligence |
| OWASP/json-sanitizer | Output can be invalid JSON and undeclared exceptions can be thrown | fixed | CVE-2021-23900 | Code Intelligence |
| alibaba/fastjon | JSON#parse throws undeclared exceptions | fixed | Code Intelligence | |
| Apache/commons-compress | Infinite loop and OutOfMemoryError in TarFile | fixed | Code Intelligence | |
| Apache/commons-compress | NullPointerException in ZipFile | fixed | Code Intelligence | |
| Apache/commons-imaging | Parsers for multiple image formats throw undeclared exceptions | reported | Code Intelligence | |
| Apache/PDFBox | Various undeclared exceptions | fixed | Code Intelligence | |
| cbeust/klaxon | Default parser throws runtime exceptions | fixed | Code Intelligence | |
| FasterXML/jackson-dataformats-binary | CBORParser throws an undeclared exception due to missing bounds checks when parsing Unicode | fixed | Code Intelligence | |
| FasterXML/jackson-dataformats-binary | CBORParser throws an undeclared exception on dangling arrays | fixed | Code Intelligence | |
| ngageoint/tiff-java | readTiff Index Out Of Bounds | fixed | @raminfp | |
| google/re2j | NullPointerException in Pattern.compile | reported | @schirrmacher | |
| google/gson | ArrayIndexOutOfBounds in ParseString | fixed | @DavidKorczynski |