December 6, 2023
Finding LogoFAIL: The Dangers of Image Parsing During System Boot
The Binarly REsearch team has discovered a Heap Out-of-bounds Read vulnerability in the web server component of Lenovo BMC firmware, allowing a potential attacker to exfiltrate sensitive information from Lighttpd process memory.