Tests linked here cover vulnerable versions of libraries. In general the tests will try to highlight a bad behavior so that the detection strategy can also be heuristic rather than signature based.