Full Disclosure mailing list archives
CVE-2021-39623 Libstagefright (Media Framework on Android) with OOB write on the heap
From: Marcin Kozlowski <marcinguy () gmail com>
Date: Tue, 11 Jan 2022 10:08:57 +0100
Hi list, Maybe you will find it interesting. Forcedentry state of the art exploit (as I read) used by NSO made it big. Libstagefright (Media Framework on Android) with OOB write on the heap (with Scudo) which can possibly own your Mobile by playing an audio file, didn't. Note: Not sure if you can do RCE with it. Leave it to experts :P Here is the repo with reporoducer and possibly also code in the future to create it when needed. https://github.com/marcinguy/CVE-2021-39623 Thanks, Marcin _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- CVE-2021-39623 Libstagefright (Media Framework on Android) with OOB write on the heap Marcin Kozlowski (Jan 11)