Finding The .webp Vulnerability in 8s (Fuzzing with AFL++)

A guide on how to do fuzzing with AFL++ in an attempt to rediscover the libwebp vulnerability CVE-2023-4863 that was used to hack iPhones.

Want to learn hacking? Sign up to https://hextree.io (ad)
Buy my shitty font: https://shop.liveoverflow.com/ (ad)

Watch webp Part 1: A Vulnerability to Hack The World - CVE-20...
Sudo Vulnerability Series: Sudo Vulnerability Walkthrough
Docker Video: How Docker Works - Intro to Namespaces

OSS-Fuzz: https://github.com/google/oss-fuzz
OSS-Fuzz libwebp coverage: https://storage.googleapis.com/oss-fu...
AFLplusplus: https://github.com/AFLplusplus/AFLplu...
vanhauser's blog: https://www.srlabs.de/blog-post/advan...
vanhauser/thc on twitter: / hackerschoice
AFLplusplus Persistent Mode: https://github.com/AFLplusplus/AFLplu...
Grab the code: https://github.com/LiveOverflow/webp-...

=[ ❤️ Support ]=
Find out how you can support LiveOverflow: https://liveoverflow.com/support/

=[ 🐕 Social ]=
→ 2nd Channel: / liveunderflow
→ Twitter: / liveoverflow
→ Streaming: https://twitch.tvLiveOverflow/
→ TikTok: / liveoverflow_
→ Instagram: / liveoverflow
→ Blog: https://liveoverflow.com/
→ Subreddit: / liveoverflow
→ Facebook: / liveoverflow

Chapters:
00:00 - Intro
00:36 - How to Learn About Fuzzing?
02:36 - Setting Up Fuzzing With AFL++
04:53 - My Docker Workflow for Fuzzing
06:35 - AFL++ Different Coverage Strategies
09:50 - Start the libwebp Fuzzing Campaign
11:58 - Adjusting the Fuzzer
13:45 - Why Don't We Find a Crash?
15:49 - Fuzzing with AFL++ Persistent Mode
19:47 - Persistent Mode Fuzzing Results
20:46 - Finding the Vulnerability in 8s
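The chapters above cover setting up AFL++ and switching to persistent mode, which is what makes the "8 seconds" possible: instead of forking a fresh process per input, one process loops over many inputs delivered through shared memory. The harness skeleton below is an added example, not the video's code and not the code from the linked LiveOverflow or libwebp repositories. It uses AFL++'s documented persistent-mode macros (__AFL_FUZZ_INIT, __AFL_INIT, __AFL_LOOP, __AFL_FUZZ_TESTCASE_BUF/LEN) and, when built without afl-clang-fast, falls back to plain macros so it still compiles and runs once on stdin. webp_container_check() is a hand-written stand-in that only inspects the RIFF/WEBP container so the file builds without libwebp; the sample byte arrays are constructed here and are not decodable images. The libwebp calls named in the comment (WebPGetInfo, WebPDecodeRGBA, WebPFree) are the library's public API but linking against it is assumed and not done in this block.

```c
/* AFL++ persistent-mode harness skeleton for a WebP decoder (added example). */
#include <stdint.h>
#include <string.h>
#include <unistd.h>

/* Fallback so the harness builds with a normal compiler: read one input
 * from stdin and run the loop body once. afl-clang-fast defines the real
 * macros and the fallback is skipped. */
#ifndef __AFL_FUZZ_TESTCASE_LEN
static ssize_t fuzz_len;
static unsigned char fuzz_buf[1024 * 1024];
#define __AFL_FUZZ_TESTCASE_LEN fuzz_len
#define __AFL_FUZZ_TESTCASE_BUF fuzz_buf
#define __AFL_FUZZ_INIT() extern int webp_harness_fallback_unused
#define __AFL_INIT() ((void)0)
#define __AFL_LOOP(x) ((fuzz_len = read(0, fuzz_buf, sizeof fuzz_buf)) > 0)
#endif

__AFL_FUZZ_INIT();

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Stand-in for the library call: validates only the RIFF container.
 * Returns 1 = "VP8 " (lossy), 2 = "VP8L" (lossless), 3 = "VP8X" (extended);
 * negative values mean the container was rejected. A real harness must NOT
 * filter like this: pass every input unmodified to libwebp so the fuzzer
 * can reach the decoder, which is where CVE-2023-4863 lives (lossless path). */
int webp_container_check(const uint8_t *buf, size_t len) {
    if (len < 12) return -1;                                   /* truncated RIFF header */
    if (memcmp(buf, "RIFF", 4) != 0 || memcmp(buf + 8, "WEBP", 4) != 0) return -2;
    uint32_t riff_size = le32(buf + 4);                        /* bytes after the size field */
    if (riff_size < 12 || riff_size > len - 8) return -3;      /* declared size must fit buffer */
    if (len < 20) return -4;                                   /* no room for first chunk header */
    uint32_t chunk_size = le32(buf + 16);
    if (chunk_size > len - 20) return -4;                      /* first chunk payload truncated */
    if (memcmp(buf + 12, "VP8 ", 4) == 0) return 1;
    if (memcmp(buf + 12, "VP8L", 4) == 0) return 2;
    if (memcmp(buf + 12, "VP8X", 4) == 0) return 3;
    return -5;                                                 /* unknown first chunk */
}

/* Constructed sample: a well-formed container around a 6-byte VP8L chunk
 * (not a real image). 26 bytes total, so the RIFF size field is 18 = 0x12. */
const uint8_t kSampleVp8l[26] = {
    'R','I','F','F', 0x12,0,0,0, 'W','E','B','P',
    'V','P','8','L', 0x06,0,0,0, 0x2f,0x00,0x00,0x00,0x00,0x00 };

/* Constructed sample: valid container whose first chunk is ALPH, not VP8*. */
const uint8_t kSampleUnknownChunk[20] = {
    'R','I','F','F', 0x0c,0,0,0, 'W','E','B','P', 'A','L','P','H', 0,0,0,0 };

int main(void) {
    __AFL_INIT();                               /* deferred fork-server start point */
    unsigned char *buf = __AFL_FUZZ_TESTCASE_BUF; /* read only after __AFL_INIT */
    while (__AFL_LOOP(10000)) {                 /* AFL++ restarts the process every 10000 runs */
        size_t len = (size_t)__AFL_FUZZ_TESTCASE_LEN;
        int rc = webp_container_check(buf, len);
        /* Real harness (assumes -lwebp): feed buf/len straight to the decoder, e.g.
         *   int w, h;
         *   if (WebPGetInfo(buf, len, &w, &h)) {
         *       uint8_t *rgba = WebPDecodeRGBA(buf, len, &w, &h);
         *       WebPFree(rgba);
         *   }
         * ASan (AFL_USE_ASAN=1 at build time) turns the heap overflow into a crash. */
        (void)rc;
    }
    return 0;
}
```

Build the instrumented version with afl-clang-fast (for example `afl-clang-fast -o harness harness.c -lwebp` once the decoder calls are enabled) and run it with `afl-fuzz -i seeds -o out -- ./harness`; the same source built with plain clang or gcc runs once on stdin.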