09-24-2023, 12:09 PM   #1
Ginzock
Junior Member
Posts: 1
Karma: 10
Join Date: Aug 2023
Device: Kindle 8
New CVE might help to RCE for new firmwares

It seems a PoC for CVE-2023-4863, which refers to a buffer overflow caused by a WebP Huffman table, was published to GitHub days ago. It looks quite like the vulnerability in the JPEG XR image format which was used to jailbreak the old versions of Kindle firmware.

The article said that Google has fuzzed many libraries for image decoding and has got a high code coverage across these libraries.

I don't know whether there's a method to cause an RCE in the new firmwares, as I'm not sure if Kindle is actually using this code and could be vulnerable. As I'm not familiar with binary exploitation, is there anyone interested in looking into this?