Notes on fuzzing ImageMagick and GraphicsMagick
Given the gaping chasm between what was expected and the massive success of OSS-Fuzz on ImageMagick and GraphicsMagick, I thought it would be helpful to review the factors I believe contributed to OSS-Fuzz finding so many vulnerabilities and other bugs:
Scale: OSS-Fuzz leverages Google's massive server farms to bring serious compute to bear on fuzzing.

Improvement: In addition to security issues, OSS-Fuzz also files bugs on memory leaks, timeouts, and out-of-memory issues.

I'd like to extend a huge thank you to the ImageMagick and GraphicsMagick teams, who were supportive of our efforts to integrate their projects into OSS-Fuzz, and who took on the lion's share of the work: resolving both the vulnerabilities that were reported and the other bugs.
Source: alexgaynor.net