Exploiting aCropalypse: Recovering Truncated PNGs
The aCropalypse vulnerability, also known as CVE-2023-21036, is a security flaw that allows for the recovery of truncated PNGs. This is possible because zlib streams can use dynamic Huffman coding, where a custom Huffman tree is defined at the start of a block.

To exploit this vulnerability, one must first analyze the sample screenshots using a janky zlib-parsing Python script. This will reveal that the data is compressed using dynamic Huffman coding, and that the Huffman tree is re-specified every ~16KB or so.

The algorithm to exploit this vulnerability is to find the start of a dynamic-Huffman-coded zlib block. This can be done by searching for the zlib header, which is 0x789C followed by a two-byte compression method. Once the start of the block is found, the Huffman tree can be reconstructed and the data can be decompressed.

CVEs: CVE-2023-21036

[View Article](http://www.ctfiot.com/104623.html)
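As an added example (not code from the linked article or from the original researcher's tooling), a Python checker a defender can run over screenshots before publishing them: it walks the PNG chunk list, reports any bytes left after IEND (the telltale of this bug), rewrites the file without them, and shows how coarse a raw scan of DEFLATE block headers for dynamic-Huffman blocks is. The 1x1 sample PNG and the leftover fragment are constructed inline.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def chunk(ctype: bytes, body: bytes) -> bytes:
    """Serialize one PNG chunk: length, type, data, CRC over type+data."""
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

def iend_end(data: bytes) -> int:
    """Walk the chunk list and return the offset just past IEND's CRC."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 8 + length + 4
        if ctype == b"IEND":
            return pos
    raise ValueError("no IEND chunk")

def trailing_data(data: bytes) -> bytes:
    """Bytes every PNG decoder ignores: anything after IEND. Should be empty."""
    return data[iend_end(data):]

def scrub(data: bytes) -> bytes:
    """Mitigation: rewrite the file so the leftover tail is gone."""
    return data[:iend_end(data)]

def read_bits(buf: bytes, bitpos: int, n: int) -> int:
    """DEFLATE packs bits LSB-first within each byte."""
    return sum(((buf[(bitpos + i) >> 3] >> ((bitpos + i) & 7)) & 1) << i for i in range(n))

def dynamic_block_candidates(tail: bytes) -> list[int]:
    """Bit offsets whose 3-bit block header reads BTYPE=10 (dynamic Huffman) with
    HLIT/HDIST inside the RFC 1951 ranges. Coarse filter: about a fifth of random
    offsets pass, so a hit only says 'worth trying', not 'block starts here'."""
    hits = []
    for b in range((len(tail) - 2) * 8):
        if read_bits(tail, b, 3) >> 1 == 2 and read_bits(tail, b + 3, 5) <= 29 \
                and read_bits(tail, b + 8, 5) <= 29:
            hits.append(b)
    return hits

def build_sample() -> tuple[bytes, bytes]:
    """Constructed data: a 1x1 grey PNG, then a mid-stream zlib fragment glued after IEND,
    which is what an in-place overwrite of a larger original leaves behind."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    clean = PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", zlib.compress(b"\x00\x80")) + chunk(b"IEND", b"")
    return clean, clean + zlib.compress(bytes(range(256)) * 64)[200:]
```

`trailing_data(open(path, "rb").read())` returning anything but `b""` is the condition to alert on; `scrub` gives the file to publish instead.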