{"id":13842285,"url":"https://github.com/xinali/articles","last_synced_at":"2025-07-11T14:31:39.009Z","repository":{"id":37456159,"uuid":"123120906","full_name":"xinali/articles","owner":"xinali","description":"Personal Blog / mainly records vulnerability-hunting research (articles are in the issues)","archived":false,"fork":false,"pushed_at":"2020-07-28T03:23:07.000Z","size":54,"stargazers_count":232,"open_issues_count":77,"forks_count":20,"subscribers_count":16,"default_branch":"master","last_synced_at":"2024-08-05T17:31:10.723Z","etag":null,"topics":["binary","binary-security","blogs","websecurity"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/xinali.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-02-27T11:40:22.000Z","updated_at":"2024-06-18T13:58:24.000Z","dependencies_parsed_at":"2022-07-14T03:30:37.403Z","dependency_job_id":null,"html_url":"https://github.com/xinali/articles","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xinali%2Farticles","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xinali%2Farticles/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xinali%2Farticles/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xinali%2Farticles/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/xinali","download_url":"https://codeload.github.com/xinali/articles/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225729947,"owners_count":17515196,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["binary","binary-security","blogs","websecurity"],"created_at":"2024-08-04T17:01:31.135Z","updated_at":"2024-11-21T12:31:08.206Z","avatar_url":"https://github.com/xinali.png","language":null,"readme":"# articles\n\nPersonal blog.\n\nMy day job is malware analysis, so with limited time this records research done out of personal interest.\n\n## Found Bugs\n\n### Open Source\n\n[heap-based out-of-bounds read when parsing otf file with undefined FontName in svg option (afdko)](https://github.com/xinali/articles/issues/49)  \n[heap-based out-of-bounds read when parsing otf file with undefined glyph name in svg option (afdko)](https://github.com/xinali/articles/issues/47)  \n[exiv2 parse url crash (exiv2)](https://github.com/Exiv2/exiv2/issues/1065)  \n[pdf2jp2 use NULL pointer cause crash (openjpeg)](https://github.com/uclouvain/openjpeg/issues/1220)  \n[svg-native-viewer heap-buffer-overflow on SVGNative::SVGStringParser::SkipOptWsp](https://github.com/adobe/svg-native-viewer/issues/62)  \n[svg-native-viewer NULL pointer dereference in SVGDocumentImpl::TraverseSVGTree](https://github.com/adobe/svg-native-viewer/issues/63)  \n[svg-native-viewer Infinite loop in CreatePath](https://github.com/adobe/svg-native-viewer/issues/64)  \n[svg-native-viewer NULL pointer dereference in SVGNative::SVGDocument::Render](https://github.com/adobe/svg-native-viewer/issues/65)  \n[svg-native-viewer NULL pointer dereference in SVGDocument::Render(const ColorMap\u0026 colorMap) function](https://github.com/adobe/svg-native-viewer/issues/65)  \n[When parsing malformed pcap file, tcpflow crash with abort](https://github.com/simsong/tcpflow/issues/216)  \n[When parsing malformed pcap file, tcpflow abort in frame_too_short](https://github.com/simsong/tcpflow/issues/217)  \n[libwab heap-based out-of-bound read in write_ldif](https://github.com/pboettch/libwab/issues/2)  \n[libwab heap-based out-of-bound read in output_subrecord](https://github.com/pboettch/libwab/issues/1)  \n[shadowsocksr-native heap-based out-of-bounds write in the obfuscation verification code (auth.c)](https://github.com/ShadowsocksR-Live/shadowsocksr-native/issues/128)\n\n\n### Closed Source\n\n[Microsoft Font Subsetting DLL heap-based out-of-bounds read in CreateFontPackage(in fontsub!GetGlyphIdx)](https://github.com/xinali/articles/issues/48)  \n[Microsoft Font Subsetting DLL Stack Exhaustion at fontsub!GetComponentGlyphList](https://github.com/xinali/articles/issues/46)  \n[Microsoft Font Subsetting DLL heap-based out-of-bounds read in CreateFontPackage(CVE-2019-1468)](https://github.com/xinali/articles/issues/51)  \n[Microsoft Windows CVE-2019-1468](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1468)  \n[Microsoft Windows CVE-2020-0607](https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0607)  \n[Microsoft Windows CVE-2020-0744](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0744)  \n[Microsoft Windows CVE-2020-0821](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0821)  \n[Microsoft Windows CVE-2020-0879](https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0879)  \n[Microsoft Windows CVE-2020-1007](https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1007)  \n[Microsoft Windows CVE-2020-1351](https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1351)  \n[Vulnerability hunting in the Windows 10 help file (chm) format](https://github.com/xinali/articles/issues/53)\n\n\n\n## Binary\n\n### Vulnerability Analysis\n\n[In-depth analysis of the tcpdump 4.5.1 crash](https://www.anquanke.com/post/id/166711)  \n[Analysis of the CoolPlayer DEP bypass (CVE-2008-3408)](https://www.anquanke.com/post/id/167424)  \n[Analysis of IE11 CVE-2017-0037 Type Confusion](https://www.anquanke.com/post/id/168916)  \n[Analysis of the Code Blocks 17.12 Local Buffer Overflow](https://www.anquanke.com/post/id/170028)  \n[Analysis of openssl 1.1.0a UAF (CVE-2016-6309)](https://github.com/xinali/articles/issues/35)  \n[Analysis of Adobe Reader CVE-2010-2883](https://github.com/xinali/articles/issues/36)  \n[Analysis of openssl CVE-2016-0799](https://github.com/xinali/articles/issues/38)  \n[Analysis of CVE-2018-1270 RCE (web/java)](https://www.anquanke.com/post/id/104926)  \n[Linux off-by-one vulnerability (stack-based)](https://github.com/xinali/articles/issues/28)  \n[Stack overflow + SEH exploitation](https://github.com/xinali/articles/issues/24)  \n[DWORD SHOOT + SEH exploitation (heap-based)](https://github.com/xinali/articles/issues/25)  \n[Windows Heap Overflow (win2000)](https://github.com/xinali/articles/issues/18)  \n[Reproducing the FREE WMA MP3 CONVERTER 1.8 buffer overflow vulnerability](https://github.com/xinali/articles/issues/21)  \n[CrashesAnalysis_1 (afdko)](https://github.com/xinali/articles/issues/61)  \n[CrashesAnalysis_2 (afdko)](https://github.com/xinali/articles/issues/62)  \n\n\n### fuzz\n\n[Learning notes on openssl fuzzing](https://github.com/xinali/articles/issues/39)  \n[Building a protobuf-based fuzzer (libpng)](https://github.com/xinali/articles/issues/37)  \n[fuzz CVE-2019-1117](https://github.com/xinali/articles/issues/58)  \n[fuzz CVE-2019-1118](https://github.com/xinali/articles/issues/59)  \n[fuzz CVE-2019-1127](https://github.com/xinali/articles/issues/60)  \n[Analysis of historical cpython vulnerabilities and writing a fuzzer for it](https://github.com/xinali/articles/issues/64)  \n[A simple, multi-process, easy-to-use traditional fuzzer](https://github.com/xinali/articles/issues/65)  \n\n### crackme\n\n[An interesting crackme](https://github.com/xinali/articles/issues/11)  \n[Kanxue Tencent CTF, problem 2](https://github.com/xinali/articles/issues/12)  \n[Kanxue Tencent CTF, problem 3](https://github.com/xinali/articles/issues/13)  \n[Kanxue Tencent CTF, problem 5 (to be completed)](https://github.com/xinali/articles/issues/14)  \n[Crackme160-003](https://github.com/xinali/articles/issues/20)  \n\n\n### MISC\n\n[Problems encountered with IoDeleteSymbolicLink](https://github.com/xinali/articles/issues/32)  \n[DynELF leak function causing stack imbalance](https://github.com/xinali/articles/issues/40)  \n[Linux x64 pwn study notes](https://github.com/xinali/articles/issues/41)  \n[Notes on handling a nasty obfuscation: decrypting the static configuration](https://github.com/xinali/articles/issues/42)  \n[Simple notes from early reverse engineering](https://github.com/xinali/articles/issues/2)  \n[base64 encoding and decoding in reverse engineering](https://github.com/xinali/articles/issues/5)  \n[Using windbg](https://github.com/xinali/articles/issues/7)  \n[A large set of ollyscript examples and their documentation](https://github.com/xinali/articles/issues/6)  \n[A first look at pwn](https://github.com/xinali/articles/issues/17)  \n[ASLR+NX bypass](https://github.com/xinali/articles/issues/4)  \n[Linux network programming models](https://github.com/xinali/articles/issues/57)\n\n\n\n## Web Security\n\n[nodejs deserialization](https://github.com/xinali/articles/issues/19)  \n[SSRF vulnerability research](https://github.com/xinali/articles/issues/16)  \n[XXE vulnerability research](https://github.com/xinali/articles/issues/1)  \n[Thoughts on the sopypy XXE issue](https://github.com/xinali/articles/issues/9)  \n\n\n## Development\n\n[Design and implementation of the penetration-testing system penework](https://github.com/xinali/articles/issues/22)  \n[All articles](https://github.com/xinali/articles/issues)  \n\n","funding_links":[],"categories":["Others","Others (1002)"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxinali%2Farticles","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fxinali%2Farticles","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxinali%2Farticles/lists"}