09-24-2023, 12:09 PM | #1 |
Junior Member
Posts: 1
Karma: 10
Join Date: Aug 2023
Device: Kindle 8
New CVE might help to RCE for new firmwares
It seems a PoC for CVE-2023-4863, which refers to a buffer overflow caused by a WebP Huffman table, was published to GitHub days ago. It looks quite like the JPEG XR image vulnerability which was used to jailbreak the old versions of Kindle firmware.
The article said that Google has fuzzed many libraries for image decoding and has got high code coverage across these libraries. I don't know whether there's a method to cause an RCE in the new firmwares, as I'm not sure if Kindle is actually using this code and could be vulnerable. As I'm not familiar with binary exploitation, is anyone interested in looking into this?