Automatic Library Fuzzing through API Relation Evolvement

Our system has already found 32 previously unknown vulnerabilities in well-tested libraries, including OpenSSL and libpcre2. Some of the vulnerabilities are assigned with CVEs: CVE-2023-36328, CVE-2023-36327, CVE-2023-36326, CVE-2023-29822, CVE-2022-46386.

Recommended citation: Jiayi Lin, Qingyu Zhang, Junzhe Li, Chenxin Sun, Changhua Luo, Hao Zhou, Chenxiong Qian, "Automatic Library Fuzzing through API Relation Evolvement." In the proceedings of The 32nd Network and Distributed System Security Symposium (NDSS 25), 2025.