Optimizing WinAFL for Image Parsing Engine Vulnerability Discovery in PDF Readers

Authors

  • Yue Zhang
  • Zhibo Du

DOI:

https://doi.org/10.54097/fcis.v3i1.6028

Keywords:

Fuzzing, PDF file format, Exploitation of vulnerabilities

Abstract

Fuzzing is an automated vulnerability discovery technique built on black-box testing ideas. The PDF file format is very complex and can embed many other formats, which gives malicious code opportunities to hide. In this paper, to address the high blindness of fuzzing PDF files with the fuzzing tool WinAFL, we propose a targeted fuzzing scheme for the image parsing engine in PDF readers, optimize WinAFL for that target, and run comparison experiments against the original WinAFL. The experiments show that, per unit of time, the optimized fuzzing tool finds on average 69.43% more unique crashes and 43.28% more paths in commonly used PDF readers. The method therefore increases both the number of paths discovered and the number of unique crashes found, which demonstrates its effectiveness and practicality. Using this method as inspiration, we propose an improved method for other formats embedded in PDF as the next research direction.



Published

17-03-2023

Issue

Section

Articles

How to Cite

Zhang, Y., & Du, Z. (2023). Optimizing WinAFL for Image Parsing Engine Vulnerability Discovery in PDF Readers. Frontiers in Computing and Intelligent Systems, 3(1), 78-81. https://doi.org/10.54097/fcis.v3i1.6028