Changes

66 bytes added, 04:16, 13 January 2017
no edit summary
Line 183: Line 183:  
|-
 
|-
 
| [[Nintendo 3DS Sound]]
 
| [[Nintendo 3DS Sound]]
| "A heap overflow in tag processing leads to code execution when a specially- crafted m4a file is loaded by Nintendo 3DS Sound." (description from soundhax's github readme)
+
| When a .m4a is loaded, the song name is copied to a 256 byte buffer. When the song name begins with a Unicode BOM marker, it memcpy's the tag using the user-provided length. This gives an arbitrary write which can be used to achieve ROP.
 
| None
 
| None
 
| [[11.2.0-35]]
 
| [[11.2.0-35]]
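Review bot: the added description cell goes from "it memcpy's the tag using the user-provided length" straight to "This gives an arbitrary write" without saying that the length is not checked against the 256 byte buffer or that the copy overruns it. The removed text named the bug class ("heap overflow in tag processing"); suggest keeping that term and adding one clause on how the overflow becomes a write primitive, so the row states both the root cause and the consequence. "Unicode BOM marker" is redundant ("Unicode BOM" is enough), and if the new wording still draws on the soundhax readme, the attribution dropped with the old cell should be kept.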