Jazzer has found the following vulnerabilities and bugs.
As Jazzer is used to fuzz JVM projects in OSS-Fuzz, further findings are listed on the OSS-Fuzz issue tracker.
If you find bugs with Jazzer, we would like to hear from you! Feel free to open an issue or submit a pull request.
Project | Bug | Status | CVE | Found by |
---|---|---|---|---|
hsqldb | Remote code execution via prepared statement values | recommended workaround | CVE-2022-41853 | OSS-Fuzz |
protocolbuffers/protobuf | Small protobuf messages can consume minutes of CPU time | fixed | CVE-2022-3171 | OSS-Fuzz |
OpenJDK | OutOfMemoryError via a small BMP image | fixed | CVE-2022-21360 | Code Intelligence |
OpenJDK | OutOfMemoryError via a small TIFF image | fixed | CVE-2022-21366 | Code Intelligence |
protocolbuffers/protobuf | Small protobuf messages can consume minutes of CPU time | fixed | CVE-2021-22569 | OSS-Fuzz |
jhy/jsoup | More than 19 bugs found in HTML and XML parser | fixed | CVE-2021-37714 | Code Intelligence |
Apache/commons-compress | Infinite loop when loading a crafted 7z | fixed | CVE-2021-35515 | Code Intelligence |
Apache/commons-compress | OutOfMemoryError when loading a crafted 7z | fixed | CVE-2021-35516 | Code Intelligence |
Apache/commons-compress | Infinite loop when loading a crafted TAR | fixed | CVE-2021-35517 | Code Intelligence |
Apache/commons-compress | OutOfMemoryError when loading a crafted ZIP | fixed | CVE-2021-36090 | Code Intelligence |
Apache/PDFBox | Infinite loop when loading a crafted PDF | fixed | CVE-2021-27807 | Code Intelligence |
Apache/PDFBox | OutOfMemoryError when loading a crafted PDF | fixed | CVE-2021-27906 | Code Intelligence |
netplex/json-smart-v1, netplex/json-smart-v2 | JSONParser#parse throws an undeclared exception | fixed | CVE-2021-27568 | @GanbaruTobi |
OWASP/json-sanitizer | Output can contain `</script>` and `]]>`, which allows XSS | fixed | CVE-2021-23899 | Code Intelligence |
OWASP/json-sanitizer | Output can be invalid JSON and undeclared exceptions can be thrown | fixed | CVE-2021-23900 | Code Intelligence |
alibaba/fastjson | JSON#parse throws undeclared exceptions | fixed | | Code Intelligence |
Apache/commons-compress | Infinite loop and OutOfMemoryError in TarFile | fixed | | Code Intelligence |
Apache/commons-compress | NullPointerException in ZipFile | fixed | | Code Intelligence |
Apache/commons-imaging | Parsers for multiple image formats throw undeclared exceptions | reported | | Code Intelligence |
Apache/PDFBox | Various undeclared exceptions | fixed | | Code Intelligence |
cbeust/klaxon | Default parser throws runtime exceptions | fixed | | Code Intelligence |
FasterXML/jackson-dataformats-binary | CBORParser throws an undeclared exception due to missing bounds checks when parsing Unicode | fixed | | Code Intelligence |
FasterXML/jackson-dataformats-binary | CBORParser throws an undeclared exception on dangling arrays | fixed | | Code Intelligence |
ngageoint/tiff-java | readTiff Index Out Of Bounds | fixed | | @raminfp |
google/re2j | NullPointerException in Pattern.compile | reported | | @schirrmacher |
google/gson | ArrayIndexOutOfBounds in ParseString | fixed | | @DavidKorczynski |