3dbrew

3DS Userland Flaws: Difference between revisions

← Older editNewer edit →
Line 184: Line 184:
| [[Nintendo 3DS Sound]]
| [[Nintendo 3DS Sound]]
| When a .m4a is loaded, the song name is copied to a 256 byte buffer. When the song name begins with a Unicode BOM marker, it memcpy's the tag using the user-provided length. This gives an arbitrary write which can be used to achieve ROP.
| When a .m4a is loaded, the song name is copied to a 256 byte buffer. When the song name begins with a Unicode BOM marker, it memcpy's the tag using the user-provided length. This gives an arbitrary write which can be used to achieve ROP.
| None
| [[11.4.0-37]]
| [[11.2.0-35]]
| [[11.4.0-37]]
| June/July 2016
| June/July 2016
| [[User:nedwill|nedwill]]
| [[User:nedwill|nedwill]]
Retrieved from "https://www.3dbrew.org/wiki/3DS_Userland_Flaws"