A Vulnerability to Hack The World - CVE-2023-4863

2023-12-21

[public] 88.8K views, 5.36K likes, dislikes audio only

Citizenlab discovered BLASTPASS, a 0day being actively exploited in the image format WebP. Known as CVE-2023-4863 and CVE-2023-41064, an issue in webp's build huffman table function can lead to a heap buffer overflow. This vulnerability is very interesting and I'm excited to share with you what I learned.

Want to learn hacking? Signup to https://hextree.io (ad)

Buy my shitty font: https://shop.liveoverflow.com/ (ad)

WebP Fix Commit: https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a

Citizenlab: https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/

Ben Hawkes: https://blog.isosceles.com/the-webp-0day/

Software Updates

Apple https://support.apple.com/en-gb/106361

Chrome https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html

Firefox https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/

Android https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/

Whose CVE is it Anyway? https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/

References:

2014 bug introduction https://github.com/webmproject/libwebp/commit/f75dfbf23d1df1be52350b1a6fc5cfa6c2194499

/youtube/video/JsTptu56GM8

/youtube/video/B3y0RsVCyrw

/youtube/video/EFUYNoFRHQI

https://www.youtube.com/watch?v=iEm1NRyEe5c

https://stackoverflow.com/questions/13804629/huffman-code-with-lookup-table

https://web.archive.org/web/20230204211844/https://commandlinefanatic.com/cgi-bin/showarticle.cgi?article=art007

enough.c https://github.com/madler/zlib/blob/develop/examples/enough.c

Thanks to:

https://twitter.com/mistymntncop

https://twitter.com/benhawkes

Chapters:

00:00 - Intro to CVE-2023-4863

01:32 - Most Valuable Vulnerability?

03:02 - Heap Overflow Related to Huffman Trees

03:58 - Learning about Huffman Codes

06:24 - What are Huffman Tables?

10:24 - Hardcoded Table Sizes (enough.c)

12:21 - Code Walkthrough - BuildHuffmanTable()

13:04 - The code_lengths[] and count[] Arrays

15:14 - Difference Between Compression and Decompression!

17:04 - Outro

=[ ❤️ Support ]=

→ per Video: https://www.patreon.com/join/liveoverflow

→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

2nd Channel: https://www.youtube.com/LiveUnderflow

=[ 🐕 Social ]=

→ Twitter: https://twitter.com/LiveOverflow/

→ Streaming: https://twitch.tvLiveOverflow/

→ TikTok: https://www.tiktok.com/@liveoverflow_

→ Instagram: https://instagram.com/LiveOverflow/

→ Blog: https://liveoverflow.com/

→ Subreddit: https://www.reddit.com/r/LiveOverflow/

→ Facebook: https://www.facebook.com/LiveOverflow/