1## Findings 2 3Jazzer has found the following vulnerabilities and bugs. 4 5As Jazzer is used to fuzz JVM projects in OSS-Fuzz, further findings are listed [on the OSS-Fuzz issue tracker](https://bugs.chromium.org/p/oss-fuzz/issues/list). 6 7If you find bugs with Jazzer, we would like to hear from you! 8Feel free to [open an issue](https://github.com/CodeIntelligenceTesting/jazzer/issues/new) or submit a pull request. 9 10 11| Project | Bug | Status | CVE | found by | 12|-------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------|-------------------------------------------------------------------------| 13| [hsqldb](https://hsqldb.org/) | Remote code execution via prepared statement values | [fixed](https://github.com/ryenus/hsqldb/commit/b6719c67b41eb9298c2451ad2829bf03b262a941) | [CVE-2022-41853](https://nvd.nist.gov/vuln/detail/CVE-2022-41853) | [OSS-Fuzz](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50212) | 14| [protocolbuffers/protobuf](https://github.com/protocolbuffers/protobuf) | Small protobuf messages can consume minutes of CPU time | [fixed](https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2) | [CVE-2022-3171](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3171) | [OSS-Fuzz](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39330) | 15| [OpenJDK](https://github.com/openjdk/jdk) | `OutOfMemoryError` via a small BMP image | [fixed](https://openjdk.java.net/groups/vulnerability/advisories/2022-01-18) | [CVE-2022-21360](https://nvd.nist.gov/vuln/detail/CVE-2022-21360) | [Code 
Intelligence](https://code-intelligence.com) | 16| [OpenJDK](https://github.com/openjdk/jdk) | `OutOfMemoryError` via a small TIFF image | [fixed](https://openjdk.java.net/groups/vulnerability/advisories/2022-01-18) | [CVE-2022-21366](https://nvd.nist.gov/vuln/detail/CVE-2022-21366) | [Code Intelligence](https://code-intelligence.com) | 17| [protocolbuffers/protobuf](https://github.com/protocolbuffers/protobuf) | Small protobuf messages can consume minutes of CPU time | [fixed](https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-wrvw-hg22-4m67) | [CVE-2021-22569](https://nvd.nist.gov/vuln/detail/CVE-2021-22569) | [OSS-Fuzz](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39330) | 18| [jhy/jsoup](https://github.com/jhy/jsoup) | More than 19 Bugs found in HTML and XML parser | [fixed](https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c) | [CVE-2021-37714](https://nvd.nist.gov/vuln/detail/CVE-2021-37714) | [Code Intelligence](https://code-intelligence.com) | 19| [Apache/commons-compress](https://commons.apache.org/proper/commons-compress/) | Infinite loop when loading a crafted 7z | fixed | [CVE-2021-35515](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35515) | [Code Intelligence](https://code-intelligence.com) | 20| [Apache/commons-compress](https://commons.apache.org/proper/commons-compress/) | `OutOfMemoryError` when loading a crafted 7z | fixed | [CVE-2021-35516](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35516) | [Code Intelligence](https://code-intelligence.com) | 21| [Apache/commons-compress](https://commons.apache.org/proper/commons-compress/) | Infinite loop when loading a crafted TAR | fixed | [CVE-2021-35517](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35517) | [Code Intelligence](https://code-intelligence.com) | 22| [Apache/commons-compress](https://commons.apache.org/proper/commons-compress/) | `OutOfMemoryError` when loading a crafted ZIP | fixed | 
[CVE-2021-36090](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36090) | [Code Intelligence](https://code-intelligence.com) | 23| [Apache/PDFBox](https://pdfbox.apache.org/) | Infinite loop when loading a crafted PDF | fixed | [CVE-2021-27807](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-27807) | [Code Intelligence](https://code-intelligence.com) | 24| [Apache/PDFBox](https://pdfbox.apache.org/) | OutOfMemoryError when loading a crafted PDF | fixed | [CVE-2021-27906](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-27906) | [Code Intelligence](https://code-intelligence.com) | 25| [netplex/json-smart-v1](https://github.com/netplex/json-smart-v1) <br/> [netplex/json-smart-v2](https://github.com/netplex/json-smart-v2) | `JSONParser#parse` throws an undeclared exception | [fixed](https://github.com/netplex/json-smart-v2/issues/60) | [CVE-2021-27568](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27568) | [@GanbaruTobi](https://github.com/GanbaruTobi) | 26| [OWASP/json-sanitizer](https://github.com/OWASP/json-sanitizer) | Output can contain`</script>` and `]]>`, which allows XSS | [fixed](https://groups.google.com/g/json-sanitizer-support/c/dAW1AeNMoA0) | [CVE-2021-23899](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-23899) | [Code Intelligence](https://code-intelligence.com) | 27| [OWASP/json-sanitizer](https://github.com/OWASP/json-sanitizer) | Output can be invalid JSON and undeclared exceptions can be thrown | [fixed](https://groups.google.com/g/json-sanitizer-support/c/dAW1AeNMoA0) | [CVE-2021-23900](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-23900) | [Code Intelligence](https://code-intelligence.com) | 28| [alibaba/fastjson](https://github.com/alibaba/fastjson) | `JSON#parse` throws undeclared exceptions | [fixed](https://github.com/alibaba/fastjson/issues/3631) | | [Code Intelligence](https://code-intelligence.com) | 29| [Apache/commons-compress](https://commons.apache.org/proper/commons-compress/) | Infinite loop and 
`OutOfMemoryError` in `TarFile` | [fixed](https://issues.apache.org/jira/browse/COMPRESS-569) | | [Code Intelligence](https://code-intelligence.com) | 30| [Apache/commons-compress](https://commons.apache.org/proper/commons-compress/) | `NullPointerException` in `ZipFile` | [fixed](https://issues.apache.org/jira/browse/COMPRESS-568) | | [Code Intelligence](https://code-intelligence.com) | 31| [Apache/commons-imaging](https://commons.apache.org/proper/commons-imaging/) | Parsers for multiple image formats throw undeclared exceptions | [reported](https://issues.apache.org/jira/browse/IMAGING-279?jql=project%20%3D%20%22Commons%20Imaging%22%20AND%20reporter%20%3D%20Meumertzheim%20) | | [Code Intelligence](https://code-intelligence.com) | 32| [Apache/PDFBox](https://pdfbox.apache.org/) | Various undeclared exceptions | [fixed](https://issues.apache.org/jira/browse/PDFBOX-5108?jql=project%20%3D%20PDFBOX%20AND%20reporter%20in%20(Meumertzheim)) | | [Code Intelligence](https://code-intelligence.com) | 33| [cbeust/klaxon](https://github.com/cbeust/klaxon) | Default parser throws runtime exceptions | [fixed](https://github.com/cbeust/klaxon/pull/330) | | [Code Intelligence](https://code-intelligence.com) | 34| [FasterXML/jackson-dataformats-binary](https://github.com/FasterXML/jackson-dataformats-binary) | `CBORParser` throws an undeclared exception due to missing bounds checks when parsing Unicode | [fixed](https://github.com/FasterXML/jackson-dataformats-binary/issues/236) | | [Code Intelligence](https://code-intelligence.com) | 35| [FasterXML/jackson-dataformats-binary](https://github.com/FasterXML/jackson-dataformats-binary) | `CBORParser` throws an undeclared exception on dangling arrays | [fixed](https://github.com/FasterXML/jackson-dataformats-binary/issues/240) | | [Code Intelligence](https://code-intelligence.com) | 36| [ngageoint/tiff-java](https://github.com/ngageoint/tiff-java) | `readTiff ` Index Out Of Bounds | 
[fixed](https://github.com/ngageoint/tiff-java/issues/38) | | [@raminfp](https://github.com/raminfp) | 37| [google/re2j](https://github.com/google/re2j) | `NullPointerException` in `Pattern.compile` | [reported](https://github.com/google/re2j/issues/148) | | [@schirrmacher](https://github.com/schirrmacher) | 38| [google/gson](https://github.com/google/gson) | `ArrayIndexOutOfBounds` in `ParseString` | [fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40838) | | [@DavidKorczynski](https://twitter.com/Davkorcz) | 39| [snakeyaml](https://bitbucket.org/snakeyaml/snakeyaml/src/master/) | `StackOverflowError` in `Composer` | [fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47024) | [CVE-2022-38749](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38749) | [Code Intelligence](https://code-intelligence.com) | 40| [snakeyaml](https://bitbucket.org/snakeyaml/snakeyaml/src/master/) | `StackOverflowError` in `BaseConstructor` | [fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47027) | [CVE-2022-38750](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38750) | [Code Intelligence](https://code-intelligence.com) | 41| [snakeyaml](https://bitbucket.org/snakeyaml/snakeyaml/src/master/) | `StackOverflowError` caused by regex parse failure in `java.util.regex` | [fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47039) | [CVE-2022-38751](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38751) | [Code Intelligence](https://code-intelligence.com) | 42| [snakeyaml](https://bitbucket.org/snakeyaml/snakeyaml/src/master/) | `StackOverflowError` caused by recursion in `java.util.ArrayList` | [fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47081) | [CVE-2022-38752](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38752) | [Code Intelligence](https://code-intelligence.com) | 43| [snakeyaml](https://bitbucket.org/snakeyaml/snakeyaml/src/master/) | `StackOverflowError` caused by recursion in 
`java.util.ArrayList` | [fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355) | [CVE-2022-41854](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41854) | [Code Intelligence](https://code-intelligence.com) | 44| [jettison-json/jettison](https://github.com/jettison-json/jettison/) | `StackOverflowError` in `JSONTokener` | [fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46538) | [CVE-2022-40149](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40149) | [Code Intelligence](https://code-intelligence.com) | 45| [jettison-json/jettison](https://github.com/jettison-json/jettison/) | `OutOfMemoryError` when parsing json objects | [fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46549) | [CVE-2022-40150](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40150) | [Code Intelligence](https://code-intelligence.com) | 46| [x-stream/xstream](https://github.com/x-stream/xstream/) | `StackOverflowError` in `xstream.core` | [fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47367) | [CVE-2022-40151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40151) | [Code Intelligence](https://code-intelligence.com) | 47| [FasterXML/woodstox](https://github.com/FasterXML/woodstox/) | `StackOverflowError` in `WordResolver` | [fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47434) | [CVE-2022-40152](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40152) | [Code Intelligence](https://code-intelligence.com) | 48| [alibaba/fastjson2](https://github.com/alibaba/fastjson2/) | `StackOverflowError` in `DefaultJSONParser` | [not fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32410) | [CVE-2022-40173](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40173) | [Code Intelligence](https://code-intelligence.com) | 49| [alibaba/fastjson2](https://github.com/alibaba/fastjson2/) | `StackOverflowError` in `JSONPath` | [not fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35777) 
| [CVE-2022-40174](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40174) | [Code Intelligence](https://code-intelligence.com) | 50| [alibaba/fastjson2](https://github.com/alibaba/fastjson2/) | `StackOverflowError` in `JSONPath` | [not fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47686) | [CVE-2022-40175](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40175) | [Code Intelligence](https://code-intelligence.com) | 51| [alibaba/fastjson2](https://github.com/alibaba/fastjson2/) | `StackOverflowError` in `DefaultJSONParser` | [not fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37313) | [CVE-2022-41855](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41855) | [Code Intelligence](https://code-intelligence.com) | 52| [alibaba/fastjson2](https://github.com/alibaba/fastjson2/) | `StackOverflowError` in `SerialContext` | [not fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33768) | [CVE-2022-41856](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41856) | [Code Intelligence](https://code-intelligence.com) | 53| [Apache/commons-jxpath](https://github.com/apache/commons-jxpath/) | Remote code execution via crafted `XPath` expression | [not fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47133) | | [Code Intelligence](https://code-intelligence.com) | 54
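Two bug classes recur throughout the table: parsers that throw undeclared exceptions on malformed input, and recursive-descent parsers that die with `StackOverflowError` on deeply nested input (the snakeyaml, jettison, xstream, woodstox and fastjson2 rows). The following is an added example, not code from the Jazzer README or from any project listed above. It uses a toy nested-array parser written for this illustration (the class, method names and the `MAX_DEPTH` limit are all assumptions) to show how a Jazzer fuzz target separates a documented, declared failure from a crash: the unbounded variant recurses once per `[`, so an input like `[[[[...` exhausts the thread stack, while the bounded variant rejects such input through a declared exception that the target can safely ignore.

```java
import com.code_intelligence.jazzer.api.FuzzedDataProvider;

// Added example for the Jazzer findings list; the parser below is hypothetical
// and exists only to reproduce the "StackOverflowError on nested input" pattern.
public class NestedArrayFuzzer {

  /** Declared exception for malformed input: callers are expected to handle it. */
  public static final class MalformedInputException extends Exception {
    MalformedInputException(String msg) { super(msg); }
  }

  /** Assumed nesting limit; real parsers pick this based on their stack budget. */
  static final int MAX_DEPTH = 512;

  /** Vulnerable variant: nesting depth is limited only by the thread stack. */
  static int unboundedDepth(String s) throws MalformedInputException {
    return parseArray(s, new int[] {0}, 0, Integer.MAX_VALUE);
  }

  /** Hardened variant: refuses input nested deeper than MAX_DEPTH. */
  static int boundedDepth(String s) throws MalformedInputException {
    return parseArray(s, new int[] {0}, 0, MAX_DEPTH);
  }

  // Parses nested arrays of digits such as "[1,[2,3],[]]" and returns the
  // deepest nesting level seen. pos[0] is the cursor into s.
  private static int parseArray(String s, int[] pos, int depth, int maxDepth)
      throws MalformedInputException {
    if (depth > maxDepth) {
      throw new MalformedInputException("nesting deeper than " + maxDepth);
    }
    if (pos[0] >= s.length() || s.charAt(pos[0]) != '[') {
      throw new MalformedInputException("expected '[' at " + pos[0]);
    }
    pos[0]++;
    int deepest = depth;
    while (true) {
      if (pos[0] >= s.length()) {
        throw new MalformedInputException("unterminated array");
      }
      char c = s.charAt(pos[0]);
      if (c == ']') {
        pos[0]++;
        return deepest;
      } else if (c == '[') {
        // One JVM frame per nesting level: the unbounded variant overflows here.
        deepest = Math.max(deepest, parseArray(s, pos, depth + 1, maxDepth));
      } else if (Character.isDigit(c) || c == ',') {
        pos[0]++;
      } else {
        throw new MalformedInputException("unexpected '" + c + "' at " + pos[0]);
      }
    }
  }

  // Jazzer entry point. Only the declared exception is swallowed; any other
  // Throwable (StackOverflowError, RuntimeException, OutOfMemoryError) escapes
  // and Jazzer reports it as a finding together with the reproducing input.
  public static void fuzzerTestOneInput(FuzzedDataProvider data) {
    String input = data.consumeRemainingAsString();
    try {
      boundedDepth(input);   // never crashes, regardless of input
      unboundedDepth(input); // crashes once the input nests deeply enough
    } catch (MalformedInputException expected) {
      // Malformed input is a documented outcome of the API, not a bug.
    }
  }
}
```

Whether the unbounded variant actually overflows depends on the thread stack size and on how long the fuzzer's inputs may grow; with libFuzzer's default maximum input length a single frame per level may not be enough, so raise `-max_len=` when hunting this class. The design point is the `catch` clause: it names exactly the exception the API declares, so every undeclared exception and every `Error` is left to propagate, which is what turns the bug classes in the table above into reportable findings instead of silently swallowed noise.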