Citizen Lab discovered BLASTPASS, a 0day being actively exploited in the image format WebP. Tracked as CVE-2023-4863 and CVE-2023-41064, the issue is in WebP's Huffman table building function and can lead to a heap buffer overflow. This vulnerability is very interesting and I’m excited to share with you what I learned.
WebP Fix Commit:
Citizenlab:
Ben Hawkes:
Software Updates
Apple
Chrome
Firefox
Android
Whose CVE is it Anyway?
References:
2014 bug introduction
enough.c
Thanks to:
Chapters:
00:00 – Intro to CVE-2023-4863
01:32 – Most Valuable Vulnerability?
03:02 – Heap Overflow Related to Huffman Trees
03:58 – Learning about Huffman Codes
06:24 – What are Huffman Tables?
10:24 – Hardcoded Table Sizes (enough.c)
12:21 – Code Walkthrough – BuildHuffmanTable()
13:04 – The code_lengths[] and count[] Arrays
15:14 – Difference Between Compression and Decompression!
17:04 – Outro
Video: A Vulnerability to Hack The World – CVE-2023-4863, by LiveOverflow
FINALLY SOMEONE TALKING ABOUT THIS IN YOUTUBE! 🙏👏👏
Excellent video. Every other resource on this topic glosses over the details but this one dives right in. This series will be invaluable for new security researchers.
What a cliffhanger!
Ah! I've spotted an incorrect thing in your videos, finally! 😋
At 7:08 you say that color values range from 0 – 255 and that a table would thus always have 255 entries. But 0 – 255 are 256 values :O
They call it the Huffman's algorithm because the guy who came up with the algorithm was definitely huffing glue when he came up with this method to compress stuff !!!!
Samsung: “The vulnerabilities were communicated to Samsung more than 3 months ago, but the Korean manufacturer has so far done nothing about it, say engineers at Google Project Zero.”
Wow 🤩 amazing work in explaining this.
Takeaway for me is to disallow webp formatted images in the app. No big loss.
Fun fact: if you also know about things like b-trees (binary trees that have multiple entries on a given level) the same reasoning applies to why huffman tables are used… cache locality!
Webp has always been bad
But how would an image get turned into a nonsensical array?
The image exists and it gets turned into an array. Wouldn't that array be valid?
Top-notch, as always!
amazing content, as always.
5:00 lol love that edit where u superimpose over tom scott. Red shirt gang.
I feel like this is a classic moment of the developers not following the golden rule called “never trust user input” because it really is just someone putting impossible values into it and it just doing what it was told without any checking if it was valid or not
Israel’s Unit 8200 getting busy again 🙄
It's interesting to note how much money was spent to roll out this update to final platforms and how it correlates with the funds that need to be invested to create a more secure version of the app.
04:58 the red tshirt overlay is too perfect 😂
Edit: I'm hyped for the fuzzing video!
This vulnerability sounds so obvious in hindsight. It's parsing the image assuming that a correct program generated it. There must be some checks for it but clearly not enough.
More than the vulnerability, I really loved how the huffman tree is optimised.
The classic Rust would have fixed that moment
I found myself that I like hacking and cyber security in general and in some days I ask myself:
*)- "how the photo or image are transmitted and we see it in the phone or computer… or even how it is captured from the beginning"?
And today I found this awesome video with awesome vulnerability with awesome channel. Thank you so much
Amazingly explained. Thank you!
Strong hacking world.
When would hextree be available?
I beg you! Please make a video on CHACHA20! I've been learning about it for 3 months and still struggle to fully understand the 4×4….. it's killing me lol
The day I heard about that vulnerability I was hoping for coverage on the technical details. Thank you so much for that!