11. File Format Fuzzing

“If this were a dictatorship, it’d be a heck of a lot easier, just so long as I’m the dictator.”

George W. Bush, Washington, DC, December 19, 2000

File format fuzzing is a specialized fuzzing method with specifically defined targets. These targets are usually client-side applications. Examples include media players, Web browsers, and office productivity suites. However, targets can also be servers, such as antivirus gateway scanners, spam filters, and even regular e-mail servers. The end goal of file format fuzzing is to find an exploitable flaw in the way that an application parses a certain type of file.

An impressive number of client-side file format parsing vulnerabilities were uncovered in 2005 and 2006, ...
