If you have a PSP-3000 with Version 4.20, it has a libTiff bug which could lead to an exploit.
Wololo said: Well, there are two issues:
1) From a thread "A" I can jump to an arbitrary address in RAM, but I have nowhere to put some code to execute in a reliable way.
2) The thread that does the image decoding (thread "B") crashes because the buffer underflow continues until it tries to write to an invalid location in RAM. And when one thread crashes, the whole PSP crashes.
I should post an update on all this at lan.st, but since I didn't get much help 1 month ago, I don't see why I would get any more help now.
Oh, and this is valid only up to firmware 4.20. The vulnerability that's left in firmwares beyond 4.20 is waaaay too small to be used at all.