The Most Dangerous Codec in the World: Finding and Exploiting Vulnerabilities in H.264 Decoders

Modern video encoding standards such as H.264 are a marvel of hidden complexity. But with hidden complexity comes hidden security risk. Decoding video today involves interacting with dedicated hardware accelerators and the proprietary, privileged software components used to drive them. The video decoder ecosystem is obscure, opaque, diverse, highly privileged, largely untested, and highly exposed -- a dangerous combination. We introduce H26Forge, a framework that carefully crafts video files to expose edge cases in H.264 decoders.... By: Stephen Checkoway , Hovav Shacham , Willy Vasquez Full Abstract and Presentation Materials: https://www.blackhat.com/us-23/briefi...

Join Today
Black Hat Europe 2025 | Pickle Exploitation Techniques And Their Detection Using SaferPickle
▶︎

Black Hat Europe 2025 | Pickle Exploitation Techniques And Their Detection Using SaferPickle

Black Hat Europe 2025 | Stress-Testing SAST And LLMs On Modern Web Backends
▶︎

Black Hat Europe 2025 | Stress-Testing SAST And LLMs On Modern Web Backends

Black Hat Europe 2025 | Ghosts in the Stream: Exposing Lives and Devices Behind Encrypted Doors
▶︎

Black Hat Europe 2025 | Ghosts in the Stream: Exposing Lives and Devices Behind Encrypted Doors

Black Hat Europe 2025 | Low-Cost Memory Interposer Attacks On Confidential Computing
▶︎

Black Hat Europe 2025 | Low-Cost Memory Interposer Attacks On Confidential Computing

Black Hat Europe 2025 | Page Phantoms: Zero-IO, In-Memory Tampering Of The Linux Page Cache
▶︎

Black Hat Europe 2025 | Page Phantoms: Zero-IO, In-Memory Tampering Of The Linux Page Cache

Black Hat Europe | LINE-Break: Cryptanalysis And Reverse Engineering Of Letter Sealing
▶︎

Black Hat Europe | LINE-Break: Cryptanalysis And Reverse Engineering Of Letter Sealing

Black Hat Europe 2025 | Hacking Smart Cities One Building At A Time - A City Of A Thousand Zero Days
▶︎

Black Hat Europe 2025 | Hacking Smart Cities One Building At A Time - A City Of A Thousand Zero Days

The Yandex Leak: How a Russian Search Giant Uses Consumer Data
▶︎

The Yandex Leak: How a Russian Search Giant Uses Consumer Data

Black Hat Europe 2025 | SCOMmand And Conquer - Attacking System Center Operations Manager
▶︎

Black Hat Europe 2025 | SCOMmand And Conquer - Attacking System Center Operations Manager

Black Hat Europe 2025 | The Forensic Trail On GitHub: Hunting For Supply Chain Activity
▶︎

Black Hat Europe 2025 | The Forensic Trail On GitHub: Hunting For Supply Chain Activity

Black Hat Europe 2025 | Habemus Securitas - Exploring Apple's Hidden Territories
▶︎

Black Hat Europe 2025 | Habemus Securitas - Exploring Apple's Hidden Territories

Black Hat Europe 2025 | RMPocalypse: A Catch-22 Breaking AMDs Confidential Computing
▶︎

Black Hat Europe 2025 | RMPocalypse: A Catch-22 Breaking AMDs Confidential Computing

Black Hat Europe 2025 | How We Turned AI's 'Web Browsing' Into A Gateway For Targeting 1B+ Users
▶︎

Black Hat Europe 2025 | How We Turned AI's 'Web Browsing' Into A Gateway For Targeting 1B+ Users

Black Hat Europe 2025 | Offensive Testing Of HarmonyOS NEXT Applications With Harm0nyz3r & DVHA
▶︎

Black Hat Europe 2025 | Offensive Testing Of HarmonyOS NEXT Applications With Harm0nyz3r & DVHA

Black Hat Europe 2025 | Taking Over Your Amazon Account With A Kindle
▶︎

Black Hat Europe 2025 | Taking Over Your Amazon Account With A Kindle

Houston, We Have a Problem: Analyzing the Security of Low Earth Orbit Satellites
▶︎

Houston, We Have a Problem: Analyzing the Security of Low Earth Orbit Satellites

Black Hat Europe 2025 | China's Nexus APT Exploiting Ivanti Endpoint Manager Mobile
▶︎

Black Hat Europe 2025 | China's Nexus APT Exploiting Ivanti Endpoint Manager Mobile

Black Hat Europe 2025 | Silence On macOS: What 70K Binaries Reveal About The macOS Malware Ecosystem
▶︎

Black Hat Europe 2025 | Silence On macOS: What 70K Binaries Reveal About The macOS Malware Ecosystem

Black Hat USA 2023 Highlights
▶︎

Black Hat USA 2023 Highlights