A Vulnerability to Hack The World - CVE-2023-4863
Citizenlab discovered BLASTPASS, a 0day being actively exploited in the image format WebP. Known as CVE-2023-4863 and CVE-2023-41064, an issue in webp's build huffman table function can lead to a heap buffer overflow. This vulnerability is very interesting and I'm excited to share with you what I learned.
Want to learn hacking? Signup to https://hextree.io (ad)
Buy my shitty font: https://shop.liveoverflow.com/ (ad)
WebP Fix Commit: https://chromium.googlesource.com/web...
Citizenlab: https://citizenlab.ca/2023/09/blastpa...
Ben Hawkes: https://blog.isosceles.com/the-webp-0...
Software Updates
Apple https://support.apple.com/en-gb/106361
Chrome https://chromereleases.googleblog.com...
Firefox https://www.mozilla.org/en-US/securit...
Android https://www.mozilla.org/en-US/securit...
Whose CVE is it Anyway? https://adamcaudill.com/2023/09/14/wh...
References:
2014 bug introduction https://github.com/webmproject/libweb...
• How Computers Compress Text: Huffman ...
• Huffman Codes: An Information Theory ...
• How PNG Works: Compromising Speed for...
• Huffman coding step-by-step example
https://stackoverflow.com/questions/1...
https://web.archive.org/web/202302042...
enough.c https://github.com/madler/zlib/blob/d...
Thanks to:
/ mistymntncop
/ benhawkes
Chapters:
00:00 - Intro to CVE-2023-4863
01:32 - Most Valuable Vulnerability?
03:02 - Heap Overflow Related to Huffman Trees
03:58 - Learning about Huffman Codes
06:24 - What are Huffman Tables?
10:24 - Hardcoded Table Sizes (enough.c)
12:21 - Code Walkthrough - BuildHuffmanTable()
13:04 - The code_lengths[] and count[] Arrays
15:14 - Difference Between Compression and Decompression!
17:04 - Outro
=[ ❤️ Support ]=
→ per Video: / liveoverflow
→ per Month: / @liveoverflow
2nd Channel: / liveunderflow
=[ 🐕 Social ]=
→ Twitter: / liveoverflow
→ Streaming: https://twitch.tvLiveOverflow/
→ TikTok: / liveoverflow_
→ Instagram: / liveoverflow
→ Blog: https://liveoverflow.com/
→ Subreddit: / liveoverflow
→ Facebook: / liveoverflow
Смотрите видео A Vulnerability to Hack The World - CVE-2023-4863 онлайн без регистрации, длительностью часов минут секунд в хорошем качестве. Это видео добавил пользователь LiveOverflow 21 Декабрь 2023, не забудьте поделиться им ссылкой с друзьями и знакомыми, на нашем сайте его посмотрели 110,335 раз и оно понравилось 5.7 тысяч людям.