Have a look at this site:
http://www.frsirt.com/english/advisories/2006/1563
This exploit was released only some days ago!!!!!!
EDIT: Here you can download all the TIFF exploits I found and tested!!
The files in the RAR archive are files that freeze the PSP or show an image; those are 3 files. There are 2 other files which appear as corrupted data.
NULL deref in PredictorVSetField() freeze
NULL deref in Fax3VSetField() freeze
NULL deref via TIFFError() by TIFFFetchAnyArray() ? doesn't freeze (corrupted data)
buffer overflow via TIFFFetchData() and memcpy() ? doesn't freeze (corrupted data)
double free() in setByteArray()? shows an image but doesn't freeze
I've updated the archive, adding 2 other files that the PSP doesn't read... now the archive contains all the files that I discovered and downloaded from the exploits site.
_______________________________________________________
2 other TIFF files that freeze the PSP
Links and files attached:
http://www.security-protocols.com/sp-x29-advisory.php
http://www.security-protocols.com/sp-x30-advisory.php
____________________________________________________
Maybe now a really strange GIF....
http://www.security-protocols.com/sp-x28-advisory.php
"Overview:
A heap overflow vulnerability exists when processing .gif files which causes the application to crash, and/or may allow for an attacker to execute arbitrary code on the targeted host.
Technical Details:
When decompressing a specially crafted .gif file, the CFAllocatorAllocate () function incorrectly parses the malformed data and causes the application to segmentation fault."
The GIF on my PSP shows as a looping preview loading... when I open the file, the PSP tells me this: "showing image impossible (00000001)"