Finding The .webp Vulnerability in 8s (Fuzzing with AFL++)

A guide on how to do fuzzing with AFL in an attempt to rediscover the libwebp vulnerability CVE-2023-4863 that was used to hack iPhones.

Want to learn hacking? Sign up to (ad)
Buy my shitty font: (ad)

Watch webp Part 1:
Sudo Vulnerability Series:
Docker Video:
OSS-Fuzz:
OSS-Fuzz libwebp coverage:
AFLplusplus:
vanhauser's blog:
vanhauser/thc on twitter:
AFLplusplus Persistent Mode:
Grab the code:

=[ ❤️ Support ]=
Find out how you can support LiveOverflow:

=[ 🐕 Social ]=
→ 2nd Channel:
→ Twitter:
→ Streaming:
→ TikTok: @liveoverflow_
→ Instagram:
→ Blog:
→ Subreddit:
→ Facebook:

Chapters:
00:00 - Intro
00:36 - How to Learn About Fuzzing?
02:36 - Setting Up Fuzzing With AFL
04:53 - My Docker Workflow for Fuzzing
06:35 - AFL Different Coverage Strategies
09:50 - Start the libwebp Fuzzing Campaign
11:58 - Adjusting the Fuzzer
13:45 - Why Don't We Find a Crash?
15:49 - Fuzzing with AFL Persistent Mode
19:47 - Persistent Mode Fuzzing Results
20:46 - Finding the Vulnerability in 8s