LibLMFuzz: LLM-Augmented Fuzz Target Generation for Black-Box Libraries

Outlet Title

2025 Cyber Awareness and Research Symposium (CARS)

Document Type

Conference Proceeding

Publication Date

2025

Abstract

A fundamental problem in cybersecurity and computer science is determining whether a program is free of bugs and vulnerabilities. Fuzzing, a popular approach to discovering vulnerabilities in programs, has several advantages over alternative strategies, although it has investment costs in the form of initial setup and continuous maintenance. The choice of fuzzing is further complicated when only a binary library is available, such as the case of closed-source and proprietary software. In response, we introduce LibLMFuzz, a framework that reduces costs associated with fuzzing closed-source libraries by pairing an agentic Large Language Model (LLM) with a lightweight toolchain (disassembler/compiler/fuzzer) to autonomously analyze stripped binaries, plan fuzzing strategies, generate drivers, and iteratively self-repair build and runtime errors. Tested on four widely used Linux libraries, LibLMFuzz produced syntactically correct drivers for all 558 fuzzable API functions, achieving 100% API coverage with no human intervention. Across the 1601 synthesized drivers, 75.52% were nominally correct on first execution. The results show that LLM-augmented middleware holds promise in reducing the costs of fuzzing black-box components and provides a foundation for future research efforts. Future opportunities exist for research in branch coverage.

Link to Full Text

Share

COinS