On November 7, 2020 I had the pleasure of doing a gentle introduction to program instrumentation to an audience of mostly developers at the "Oπe\n conf 2020" conference. The presentation showed how instrumentation could be used to identify security bugs in software, but also how to protect production binaries from exploitation through program instrumentation.
Hello, I'm Aris Thallas, a computer security researcher working at CENSUS. Back in February 2020 I had the pleasure of presenting my work on proprietary hypervisor emulation and bug discovery at the OffensiveCon 2020 conference.
CENSUS was one of the sponsors of FOSSCOMM 2018, the annual free and open source communities conference, that took place this year in Heraklion, Crete. CENSUS participated in the conference with a two part presentation on Program Instrumentation.
|Affected Products:||Applications using GDCM versions < 2.6.2 and the ImageRegionReader :: ReadIntoBuffer API call|
|Class:||Integer Overflow or Wraparound (CWE-190)|
|Discovered by:||Stelios Tsampas|
Grassroots DICOM (GDCM) is a C++ library for processing DICOM medical images. It provides routines to view and manipulate a wide range of image formats and can be accessed through many popular programming languages like Python, C#, Java and PHP. Various applications that make use of GDCM
are listed here and here.