CVE-2011-3026 and CVE-2011-3045
is possible to exploit firmware with crafted .png
My firmware t-valdeuc 3011.0 has this vulnerability in libpngGP.so and libKonfabulator.so
maybe possible vulnerability in E firmware
libpng exploit
Re: libpng exploit
Sounds interesting. Actually you should read here and maybe collaborate too..
LE40B653T5W,UE40D6750,UE65Q8C
Have questions? Read SamyGO Wiki, Search on forum first!
FFB (v0.8), FFB for CI+ . Get root on: C series, D series, E series, F series, H series. rooting K series, exeDSP/exeTV patches[C/D/E/F/H]
DO NOT EVER INSTALL FIRMWARE UPGRADE
Re: libpng exploit
It's really difficult to debug on TV and most of those vulnerabilities (like ours) might possibly cause remote execution.
The hard part is to actually craft a file (at least for us now...)
Even when we found the exploit and know how to trigger it, we still don't know what kind of crafted file you must put and where it actually crashes...
Need more experts on this field.
Re: libpng exploit
I have no problem with debugging my TV ue40c8000 (IDA + gdbserver on TV, gdb over ssh works too)
I am working on a vulnerable .png which crashes libpng -> no exploit for now -> I think I could do that because we have the source code of libpng and a possible dump of C, D, E firmware; the hard part is only writing the exploit, I am not so skilled in that
As my TV is already rooted I am only interested about
I agree, we need more experts on this
