Reference

Seed corpora for fuzzing

Where to find starter inputs for 12+ common file formats. Each page has upstream sources, harness scaffolds, and mutator hints for AFL++ + libFuzzer campaigns.

Document

The broadest attack surface in document parsing — 700+ spec pages and decades of implementation debt.

Binary OLE2 and ZIP-based XML — two completely different parser stacks hiding under one file extension.

Plain-text container with binary payloads — RTF's escape-everything encoding hides parser complexity behind readable syntax.

Image

Chunk-driven with mandatory CRC validation — perfect for dictionary-assisted and structure-aware mutation.

Marker-segmented with Huffman entropy coding — entropy streams make pure random mutation less effective than marker-aware strategies.

RIFF container with three distinct codec paths — lossy VP8, lossless VP8L, and animated VP8X each need separate corpus coverage.

Archive

Dual-directory format with overlapping metadata fields — inconsistencies between local and central directory headers are a classic bug class.

Sequential header-data blocks with octal numeric fields — path traversal and header field overflow are the two dominant bug classes.

Thin header wrapper around raw Deflate — the real attack surface is the Deflate decompressor, not the 10-byte gzip header.

Executable

The universal Linux binary format — ELF parsers run as root in loaders and in privileged analysis tools, making bugs high-impact.

The Windows executable format — parsed by every AV engine, loader, and reverse engineering tool on the planet.

Data

Ubiquitous text-based data format — parser diversity and number handling edge cases make JSON a rewarding fuzz target.