Finding The .webp Vulnerability in 8s (Fuzzing with AFL++)

A guide on how to do fuzzing with AFL++ in an attempt to rediscover the libwebp vulnerability CVE-2023-4863 that was used to hack iPhones.

Want to learn hacking? Signup to https://hextree.io (ad)
Buy my shitty font: https://shop.liveoverflow.com/ (ad)

Watch webp Part 1: https://www.youtube.com/watch?v=lAyhKaclsPM

Sudo Vulnerability Series: https://www.youtube.com/playlist?list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdx
Docker Video: https://www.youtube.com/watch?v=-YnMr1lj4Z8

OSS-Fuzz: https://github.com/google/oss-fuzz
OSS-Fuzz libwebp coverage: https://storage.googleapis.com/oss-fuzz-coverage/libwebp/reports/20230901/linux/src/libwebp/src/utils/report.html
AFLplusplus: https://github.com/AFLplusplus/AFLplusplus/blob/stable/docs/fuzzing_in_depth.md
vanhauser's blog: https://www.srlabs.de/blog-post/advanced-fuzzing-unmasks-elusive-vulnerabilities
vanhauser/thc on twitter: https://twitter.com/hackerschoice
AFLpluslus Persistent Mode: https://github.com/AFLplusplus/AFLplusplus/blob/0c054f520eda67b7bb15f95ca58c028e9b68131f/instrumentation/README.persistent_mode.md
Grab the code: https://github.com/LiveOverflow/webp-CVE-2023-4863

=[ ❤️ Support ]=

Find out how …

afl cve cve-2023-4863 fuzzing guide hack iphones learn libwebp social support vulnerability webp