
MobileRead Forums > E-Book Readers > Amazon Kindle > Kindle Developer's Corner

09-24-2023, 12:09 PM   #1
Ginzock
Device: Kindle 8
New CVE might help to RCE for new firmwares

Seems a PoC for CVE-2023-4863, which refers to a buffer overflow caused by a WebP Huffman table, was published to GitHub days ago. It looks quite like the vulnerability in JPEG XR images which was used to jailbreak the old versions of Kindle firmware.

The article said that Google has fuzzed many libraries for image decoding and has got a high code coverage across these libraries.

Don't know whether there's a method to cause an RCE in the new firmwares, as I'm not sure if Kindle is actually using this code and could be vulnerable. As I'm not familiar with binary exploitation, is there anyone interested in looking into this?
All times are GMT -4.

