libpng exploit

timoo · Post by **timoo** » Wed Jun 27, 2012 7:45 pm

CVE-2011-3026 and CVE-2011-3045
is possible to exploit firmware with crafted .png
my firmware t-valdeuc 3011.0 have this vulnerability in libpngGP.so and libKonfabulator.so
maybe possible vulnerability in E firmware

Post by **juusso** » Wed Jun 27, 2012 7:54 pm

Sounds interesting. Actually you should read here and maybe collaborate too..

Th3avatar · Post by **Th3avatar** » Wed Jun 27, 2012 9:21 pm

It's really difficult to debug on TV and most of those vulnerabilities (like ours) might possibly cause remote execution.
The hard part is to actually craft a file (at least for us now...)
Even when we found the exploit and know how to trigger it, we still don't know what kind of crafted file you must put and where it actually crashes...
Need more experts on this field.

timoo · Post by **timoo** » Wed Jun 27, 2012 9:59 pm

i have no problem with debuggin my tv ue40c8000(IDA+ gdbserver on TV, gdb over ssh works too )
i am working on vulnerable .png which crash libpng -> no exploit for now -> i think i could do that because we have souce code of libpng and possible dump of C,D,E firmware , hard part is only write exploit , i am not so skilled in that

as my tv is already rooted i am only interested about

i agree, we need more experts on this

SamyGO

libpng exploit

libpng exploit

Re: libpng exploit

Re: libpng exploit

Re: libpng exploit