Posts
397
Following
157
Followers
75
car/cdr/cdadr
@bryanjclark yes!! top notch branding!
0
0
0

@bryanjclark followup

“Fix OOB write in BuildHuffmanTable”… “ The patch suggests that it was possible to overflow the Huffman table when decoding an untrusted image…”

https://blog.isosceles.com/the-webp-0day/

0
0
1
@jaredly me, zgotsch, and dmnd are floating around, say hi if you see us!
0
0
0
Edited 1 year ago

i’ll see you at stacycon ‘94 (strange loop 2023) at the san diego (st louis) airport hilton (union station hotel) https://m.youtube.com/watch?v=SWHRSM2wa24

0
0
0
@bryanjclark it’s absolutely not meant for keeping a Library but i can’t quit lightroom. i still use it for all my non-phone stuff and will import hifs from my camera to the camera roll using the terrible sony app but it’s sort of just for sharing and quickly editing something i liked in darkroom before somebody runs away and not for the kind of triage you’re describing
0
0
1
part 6, tapatio style
1
0
1

nobody cared who i was until i put on the mask!

0
0
0
just ftr tiktok is the only social network to have accurately pegged me as hispanic within minutes of use, extremely fascinating experience
1
0
0
organizzzzaaaaaaaannndooo (part 4)
1
0
0
@bshaykin it is such a strange segment, i thought i was hallucinating
1
0
0
sesame street s50e14, the one where abby and rudy become graphic designers
1
0
0
ok sorry i only half configured media hosting when i set up my instance, my bad
0
0
0
reopening tiktok and rewatching old favorites
1
0
0
finally can import sony .hif files (heif) in lightroom alongside the arws
0
0
0
@jbigham this is juno erasure (to say nothing of all the well.com perverts back then)
0
0
1
@bryanjclark this is such a fascinating exploit if it uses server-based passkit push updates to deliver compromised payloads that don't get handled by blastdoor until it's too late. i would imagine the problem is that images require a non-finite amount of space after decompression but that some cleverly compressed regions can exhaust the amount of memory allocated and allow you to traipse over old dylib code that executes at a higher privilege level. my understanding is that blastdoor prevents this for most data that comes in from imessage, but probably older codepaths are still vulnerable (i'm guessing lockdown mode just nixes all features that don't route initially through blastdoor)
2
0
1
Show older