A Vulnerability to Hack The World - CVE-2023-4863

Citizenlab discovered BLASTPASS, a 0day being actively exploited in the image format WebP. Known as CVE-2023-4863 and CVE-2023-41064, an issue in webp's build huffman table function can lead to a heap buffer overflow. This vulnerability is very interesting and I'm excited to share with you what I learned. Want to learn hacking? Signup to https://hextree.io (ad) Buy my shitty font: https://shop.liveoverflow.com/ (ad) WebP Fix Commit: https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a Citizenlab: https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/ Ben Hawkes: https://blog.isosceles.com/the-webp-0day/ Software Updates Apple https://support.apple.com/en-gb/106361 Chrome https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html Firefox https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/ Android https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/ Whose CVE is it Anyway? https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/ References: 2014 bug introduction https://github.com/webmproject/libwebp/commit/f75dfbf23d1df1be52350b1a6fc5cfa6c2194499 https://www.youtube.com/watch?v=JsTptu56GM8 https://www.youtube.com/watch?v=B3y0RsVCyrw https://www.youtube.com/watch?v=EFUYNoFRHQI https://www.youtube.com/watch?v=iEm1NRyEe5c https://stackoverflow.com/questions/13804629/huffman-code-with-lookup-table https://web.archive.org/web/20230204211844/https://commandlinefanatic.com/cgi-bin/showarticle.cgi?article=art007 enough.c https://github.com/madler/zlib/blob/develop/examples/enough.c Thanks to: https://twitter.com/mistymntncop https://twitter.com/benhawkes Chapters: 00:00 - Intro to CVE-2023-4863 01:32 - Most Valuable Vulnerability? 03:02 - Heap Overflow Related to Huffman Trees 03:58 - Learning about Huffman Codes 06:24 - What are Huffman Tables? 10:24 - Hardcoded Table Sizes (enough.c) 12:21 - Code Walkthrough - BuildHuffmanTable() 13:04 - The code_lengths[] and count[] Arrays 15:14 - Difference Between Compression and Decompression! 17:04 - Outro =[ ❤️ Support ]= → per Video: https://www.patreon.com/join/liveoverflow → per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join 2nd Channel: https://www.youtube.com/LiveUnderflow =[ 🐕 Social ]= → Twitter: https://twitter.com/LiveOverflow/ → Streaming: https://twitch.tvLiveOverflow/ → TikTok: https://www.tiktok.com/@liveoverflow_ → Instagram: https://instagram.com/LiveOverflow/ → Blog: https://liveoverflow.com/ → Subreddit: https://www.reddit.com/r/LiveOverflow/ → Facebook: https://www.facebook.com/LiveOverflow/