A Vulnerability to Hack The World - CVE-2023-4863
Citizenlab discovered BLASTPASS, a 0day being actively exploited in the image format WebP. Known as CVE-2023-4863 and CVE-2023-41064, an issue in webp's build huffman table function can lead to a heap buffer overflow. This vulnerability is very interesting and I'm excited to share with you what I learned.
Want to learn hacking? Signup to https://hextree.io (ad)
Buy my shitty font: https://shop.liveoverflow.com/ (ad)
WebP Fix Commit: https://chromium.googlesource.com/web...
Citizenlab: https://citizenlab.ca/2023/09/blastpa...
Ben Hawkes: https://blog.isosceles.com/the-webp-0...
Software Updates
Apple https://support.apple.com/en-gb/106361
Chrome https://chromereleases.googleblog.com...
Firefox https://www.mozilla.org/en-US/securit...
Android https://www.mozilla.org/en-US/securit...
Whose CVE is it Anyway? https://adamcaudill.com/2023/09/14/wh...
References:
2014 bug introduction https://github.com/webmproject/libweb...
• How Computers Compress Text: Huffman ...
• Huffman Codes: An Information Theory ...
• How PNG Works: Compromising Speed for...
• Huffman coding step-by-step example
https://stackoverflow.com/questions/1...
https://web.archive.org/web/202302042...
enough.c https://github.com/madler/zlib/blob/d...
Thanks to:
/ mistymntncop
/ benhawkes
Chapters:
00:00 - Intro to CVE-2023-4863
01:32 - Most Valuable Vulnerability?
03:02 - Heap Overflow Related to Huffman Trees
03:58 - Learning about Huffman Codes
06:24 - What are Huffman Tables?
10:24 - Hardcoded Table Sizes (enough.c)
12:21 - Code Walkthrough - BuildHuffmanTable()
13:04 - The code_lengths[] and count[] Arrays
15:14 - Difference Between Compression and Decompression!
17:04 - Outro
=[ ❤️ Support ]=
→ per Video: / liveoverflow
→ per Month: / @liveoverflow
2nd Channel: / liveunderflow
=[ 🐕 Social ]=
→ Twitter: / liveoverflow
→ Streaming: https://twitch.tvLiveOverflow/
→ TikTok: / liveoverflow_
→ Instagram: / liveoverflow
→ Blog: https://liveoverflow.com/
→ Subreddit: / liveoverflow
→ Facebook: / liveoverflow
Watch video A Vulnerability to Hack The World - CVE-2023-4863 online without registration, duration hours minute second in high quality. This video was added by user LiveOverflow 21 December 2023, don't forget to share it with your friends and acquaintances, it has been viewed on our site 110,335 once and liked it 5.7 thousand people.