Reminds me of how people were crashing the PSP's XMB with BMP and TIFF files twenty years ago. I was just a kid, and began "pirating" every one of my classmates' consoles (some in exchange for a small amount of money). Good times.
When the first-gen iPhone was out there was a TIFF vulnerability so bad that you could jailbreak an iPhone just by visiting a specific web site. I remember going to Best Buy and seeing all of the display phones had been jailbroken. (It was easy to tell - this was before the App Store, so having extra app icons on the home screen wasn't normal.)
This was a user-empowering application of the vulnerability. Obviously, a bug that allows root-level arbitrary code execution just by getting the user to load a single image could be used for some pretty bad stuff. (And perhaps was.)
More recently there was an iOS 0-day GIF exploit requiring no user interaction: https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-i...
PDF, actually.
The `Memory Pit` exploit for the Nintendo DSi works in a similar way - it exploits a buffer overflow in the reading of image metadata by the Nintendo DSi Camera application in order to achieve arbitrary code execution.
https://dsibrew.org/wiki/Memory_Pit
4chan, ironically enough, had something similar where steganographic images were posted designed to be copied to Paint, saved as a bmp, renamed to an .hta file, and then executed. It would then spam the board with other variations of itself.
"Bannerbomb", on the Wii, has entered the thread.
https://wiibrew.org/wiki/Bannerbomb