This week we’re diving down into the depths of binary exploitation and analysis, looking at a number of recent vulnerability and malware teardowns, plus we cover security updates for FreeType, PHP, ImageMagick, protobuf-c and more.
22 unique CVEs addressed
finfo_buffer function -
used to get info etc from a binary string - in the example in the
upstream documentation shows using this function to get the MIME info of
$_POST parameter - so likely this is being used in a bunch of places on
untrusted data - DoS/RCE