this post was submitted on 26 Sep 2023
Liftoff!
A mobile client for Lemmy running on iOS and Android
https://blog.isosceles.com/the-webp-0day
tldr: libwebp has been patched and will eventually make its way to everyone. This is not an easy exploit and unless you're at the level of a nation state target, don't worry about it.
I must disagree. The information is public and there are many sources that describe how to construct such a file that can trigger the heap buffer overflow. You don't need to understand all the theory to cause the overflow.
I don't think it's that complicated. I'm sure it will be used as an N-day for a long time.
The key to effective exploitation is learning to understand deeply only those parts that require deep understanding.