tags: fuzzing, UEFI, heap_overflow
original link: Inside the LogoFAIL PoC: From Integer Overflow to Arbitrary Code Execution
newsletter link: exploits.club Weekly Newsletter 06


Exploits Club Summary:

In early December, Binarly.io presented the technical details of LogoFAIL, a vulnerability class resulting from custom images being parsed during boot. This week, the team released a detailed write-up on creating a PoC for one such vulnerability. The blog post walks through identifying an integer overflow via fuzzing and escalating that primitive to a heap overflow resulting in code execution.