>near 2020
>exploited by a video file
Software sucks.
>CVE-2019-2107
>In ihevcd_parse_pps of ihevcd_parse_headers.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.
https://nvd.nist.gov/vuln/detail/CVE-2019-2107
>with non-executable files you're safe
Not so with a player full of holes. It was always theoretically possible to exploit using a video file, and this is an example.
>Software sucks
Software, like anything done by humans, is full of errors. Even if they fix this one, the next will be found, and so on forever.
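To make the bug class in the quoted CVE text concrete (a length field read from the file and used as a write bound without a check), here is an added example. It is not libhevc code and not from any post in this thread; the header layout, names and sample bytes are constructed, and the decoder state is modelled as one flat array so the overrun is observable without leaving a real object.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TABLE_CAP 8    /* slots the decoder reserves for the table */
#define ARENA_LEN 256  /* table plus the state that sits right after it */
/* Hypothetical decoder state as one flat arena: bytes 0..7 are the table,
 * the rest stands in for neighbouring decoder state. */
typedef struct { uint8_t arena[ARENA_LEN]; } dec_state;

static void dec_init(dec_state *s) {
    memset(s->arena, 0x00, TABLE_CAP);
    memset(s->arena + TABLE_CAP, 0xAA, ARENA_LEN - TABLE_CAP);
}

static int neighbour_intact(const dec_state *s) {
    for (size_t i = TABLE_CAP; i < ARENA_LEN; i++)
        if (s->arena[i] != 0xAA) return 0;
    return 1;
}

/* Constructed header layout: buf[0] = entry count, then that many bytes.
 * Missing bounds check: the count is validated against the input length
 * but never against the capacity of the table it indexes. */
static int parse_unchecked(dec_state *s, const uint8_t *buf, size_t len) {
    if (len < 1 || (size_t)buf[0] + 1 > len) return -1;
    for (size_t i = 0; i < buf[0]; i++) s->arena[i] = buf[1 + i];
    return buf[0];
}

/* Hardened: a count larger than the table is rejected, not clamped. */
static int parse_checked(dec_state *s, const uint8_t *buf, size_t len) {
    if (len < 1 || (size_t)buf[0] + 1 > len) return -1;
    if (buf[0] > TABLE_CAP) return -1;
    memcpy(s->arena, buf + 1, buf[0]);
    return buf[0];
}

/* Constructed input: header claims 12 entries for an 8-slot table. */
static const uint8_t SAMPLE[] = {12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12};

int main(void) {
    dec_state s; int rc;
    dec_init(&s); rc = parse_unchecked(&s, SAMPLE, sizeof SAMPLE);
    printf("unchecked: rc=%d neighbour_intact=%d\n", rc, neighbour_intact(&s));
    dec_init(&s); rc = parse_checked(&s, SAMPLE, sizeof SAMPLE);
    printf("checked:   rc=%d neighbour_intact=%d\n", rc, neighbour_intact(&s));
    return 0;
}
```

The file is pure data in both cases; what differs is whether the parser lets a number from that data decide how far it writes.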
>>5164 IIRC (I don't actually remember LOL) it was possible to insert specifically crafted TEXT payloads into webpages and own browsers that way.
<hey bud, did you think plaintext files were safe? THINK AGAIN
I've been thinking about safety a little bit (not much though), and what do you think, how much of it could be mitigated by using pure Harvard architecture instead of what we have now?
>near 2020
>exploited by a video file
Software sucks.
>CVE-2019-2107
>In ihevcd_parse_pps of ihevcd_parse_headers.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.
https://nvd.nist.gov/vuln/detail/CVE-2019-2107
PoC:
https://github.com/marcinguy/CVE-2019-2107