The blog post about the libwebp vulnerability fuzzing is up, it explains how I set up the experiment, how the crash was found and why oss-fuzz was not able to find it: https://www.srlabs.de/blog-post/advanced-fuzzing-unmasks-elusive-vulnerabilities #fuzzing