• lustrum
    link
    fedilink
    arrow-up
    2
    ·
    edit-2
    1 year ago

    Anyone who knows things got a laymen explanation for this zeroday?

    • Scratch
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      In my understanding: What happens is a Heap Buffer Overflow. The Heap is a style of memory and a Buffer is just a chunk of storage where you place something that is a work in progress. (Think a Youtube video buffering, you are waiting for more data to come down so you can play the video)

      The WebP image type has the unintended ability to write to more memory than the OS assigns it. It can ‘overflow’.

      If you craft a WebP image file just right, you can write malicious code to a location in memory that the OS may think is executable code and then run it, all without the user knowing.