Awesome
Fuzzing Benchmark - Real world programs
List the real world programs evaluated in fuzzing papers. Rank
TODO: count #CVE
Dowser - Dowsing for Overflows: A Guided Fuzzer to Find Buffer Boundary Violations
- nginx
- ffmpeg
- inspircd
- poppler (libpoppler)
- libpoppler
- libexif
- snort
MAYHEM - Unleashing Mayhem on Binary Code
- a2ps
- aeon
- aspell
- atphttpd
- freeradius
- ghostscript
- glftpd
- gnugol
- htget
- htpasswd
- iwconfig
- mbse-bbs
- ncompress
- orzhttpd
- psutils
- rsync
- sharutils
- socat
- squirrel mail
- tipxd
- xgalaga
- xtokkaetama
FuzzSim - Scheduling Black-box Mutational Fuzzing
- ffmpeg
- 100 different Linux applications (unknown)
COVERSET - Optimizing Seed Selection for Fuzzing
- xpdf
- mupdf
- pdf2svg (libpoppler)
- libpoppler
- ffmpeg
- mplayer
- mp3gain
- eog
- convert
- gif2png (libpng)
- libpng
- jpegtran (libjpeg)
- libjpeg
SYMFUZZ - Program-Adaptive Mutational Fuzzing
- abcm2ps
- autotrace
- bib2xml
- catdvi
- figtoipe
- gif2png (libpng)
- libpng
- pdf2svg (libpoppler)
- libpoppler
- mupdf
MutaGen - Turning Programs Against Each Other: High Coverage Fuzz-testing Using Binary-code Mutation and Dynamic Slicing
- avconv
- convert
- nconvert
- pdftocairo
- mudraw
- mupdf
- pdftops
- ps2pdf
- inkscape
AFLFast - Coverage-based Greybox Fuzzing as Markov Chain
- nm (binutils)
- objdump (binutils)
- strings (binutils)
- size (binutils)
- c++filt (binutils)
- binutils
SeededFuzz - Selecting and Generating Seeds for Directed Fuzzing
- mpeg3dump (libmpeg3)
- libmpeg3
- png2swf (swftools)
- gif2swf (swftools)
- swftools
- cjpeg (libjpeg)
- libjpeg
- speexenc
VUzzer - Application-aware Evolutionary Fuzzing
- mpg321 (libasound)
- libasound
- gif2png (libpng)
- libpng
- pdf2svg (libpoppler)
- libpoppler
- tcpdump (libpcap)
- tcptrace (libpcap)
- libpcap
- djpeg (libjpeg)
- libjpeg
Steelix - Program-State Based Binary Fuzzing
- tiff2pdf (libtiff)
- tiffcp (libtiff)
- libtiff
- pngfix (libpng)
- libpng
- gzip
- tcpdump (libpcap)
- libpcap
Skyfire - Data-Driven Seed Generation for Fuzzing
- Sablotron
- libxslt
- libxml2
- JavaScript engine in Internet Explorer
kAFL - Hardware-Assisted Feedback Fuzzing for OS Kernels
- Windows
- Linux
- macOS
DIFUZE - Interface Aware Fuzzing for Kernel Drivers
- ioctl handlers
Orthrus - Static Program Analysis as a Fuzzing Aid
- c-ares
- libxml2
- openssl
- nDPI
- tcpdump (libpcap)
- libpcap
- woff2
Chizpurfle - A Gray-Box Android Fuzzer for Vendor Service Customizations
- Android services
VDF - Targeted Evolutionary Fuzz Testing of Virtual Devices
- Virtual devices
IMF - Inferred Model-based Fuzzer
- macOS API
NEZHA - Efficient Domain-Independent Differential Testing
- openssl
- libressl
- boringssl
- wolfssl
- mbedtls
- gnutls
- binutils (libbfd)
- clamav (libclamav)
- xzutils
- evince
- mupdf
- xpdf
S2F - Discover Hard-to-Reach Vulnerabilities by Semi-Symbolic Fuzz Testing
- readelf (binutils)
- objdump (binutils)
- binutils
- djpeg (libjpeg)
- libjpeg
- gzip
- ffmpeg
- tcpdump (libpcap)
- libpcap
- capstone
- gif2png (libpng)
- libpng
FairFuzz - Targeting Rare Branches to Rapidly Increase Greybox Fuzz Testing Coverage
- tcpdump (libpcap)
- libpcap
- nm (binutils)
- objdump (binutils)
- readelf (binutils)
- c++filt (binutils)
- binutils
- mutool draw (mupdf)
- mupdf
- xmllint (libxml2)
- libxml2
- djpeg (libjpeg)
- libjpeg
- readpng (libpng)
- libpng
Angora - Efficient Fuzzing by Principled Search
- file
- jhead
- xmlwf (expat)
- expat
- djpeg (libjpeg)
- libjpeg
- readpng (libpng)
- libpng
- nm (binutils)
- objdump (binutils)
- size (binutils)
- binutils
T-Fuzz - fuzzing by program transformation
- pngfix (libpng)
- libpng
- tiffinfo (libtiff)
- libtiff
- ImageMagick
- pdftohtml (libpoppler)
- libpoppler
MEDS - Enhancing Memory Error Detection for Large-Scale Applications and Fuzz Testing
- chrome
- firefox
- apache
- nginx
- PHP7
- lci
- picoc
- ImageMagick
- wren
- espruino
- tinyvm
- raptor
- swftools
- exifprobe
- metacam
- jhead
CollAFL - Path Sensitive Fuzzing
- catdoc
- tiff2pdf (libtiff)
- tiff2ps (libtiff)
- tiffset (libtiff)
- libtiff
- listswf (libming)
- libming
- objdump (binutils)
- nm (binutils)
- binutils
- tcpdump (libpcap)
- libpcap
- exiv2
- vim
- nasm
- libncurses
- clamav (libclamav)
- libav
- libtorrent
- libpspp
- libsass
- libdwarf
- bison
- cflow
NEUZZ - Efficient Fuzzing with Neural Program Smoothing
- readelf (binutils)
- harfbuzz
- libjpeg
- mupdf
- libxml
- nm (binutils)
- objdump (binutils)
- size (binutils)
- strip
- zlib
- binutils
Full-speed Fuzzing: Reducing Fuzzing Overhead through Coverage-guided Tracing
- bsdtar (libarchive)
- libarchive
- cer-basic (libksba)
- libksba
- cjson
- djpeg (libjpeg)
- libjpeg
- pdftohtml (libpoppler)
- libpoppler
- readelf (binutils)
- binutils
- sfconvert (audiofile)
- audiofile
- tcpdump (libpcap)
- libpcap
REDQUEEN: Fuzzing with Input-to-State Correspondence
- ar (binutils)
- size (binutils)
- c++filt (binutils)
- strings (binutils)
- nm (binutils)
- objdump (binutils)
- readelf (binutils)
- as (binutils)
- binutils
- gprof
- tiff2ps (libtiff)
- libtiff
- jhead
- fdk-aac
- ImageMagick
- wine
- mruby
- sam2p
- bash
- libxml2
- perl
NAUTILUS: Fishing for Deep Bugs with Grammars
- mruby
- PHP
- Lua
- ChakraCore
Smart Greybox Fuzzing
- mpg321
- gif2png (libpng)
- libpng
- pdf2svg (libpoppler)
- libpoppler
- tcpdump (libpcap)
- tcptrace (libpcap)
- libpcap
- djpeg (libjpeg)
- libjpeg
Qsym: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing
- libjpeg
- libpng
- libtiff
- lepton
- openjpeg
- tcpdump (libpcap)
- libpcap
- file
- libarchive
- audiofile
- ffmpeg
- binutils
TIFF: Using Input Type Inference To Improve Fuzzing
- mpg321 (libasound)
- libasound
- pdf2svg (libpoppler)
- libpoppler
- jbig2dev (libjbig2dev)
- potrace (libpotrace)
- gif2png (libpng)
- libpng
- tcptrace (libpcap)
- libpcap
- autotrace (libautotrace)
- pdftocairo (libcairo)
- convert (*libGraphicsMagick)