CVE-2025-43300

This repository contains a working PoC for CVE-2025-43300, a critical memory corruption vulnerability in Apple's DNG image processing framework. The exploit leverages inconsistencies between TIFF metadata and JPEG stream parameters to trigger buffer overflows, potentially leading to RCE on iOS/macOS systems.

This repository contains a detailed technical analysis of a zero-click RCE exploit chain (CVE-2025-43300, CVE-2025-24085, CVE-2025-24201) affecting iOS 18.2.1, leveraging malicious PNG files delivered via iMessage to achieve kernel-level compromise, sandbox escape, and persistent device control.

This repository contains a Python script to create a proof-of-concept exploit for CVE-2025-43300, a memory corruption vulnerability in Apple's RawCamera.bundle affecting iOS 18.6.1 and macOS. The exploit manipulates DNG file metadata to trigger a buffer overflow by mismatching TIFF and JPEG Lossless parameters.

The repository contains an interactive CLI tool for analyzing DNG files for CVE-2025-43300 indicators, including metadata and JPEG stream analysis. It does not contain exploit code but provides functionality to create and modify DNG files for research purposes.

This PoC demonstrates a buffer overflow vulnerability in DNG file processing due to a mismatch between TIFF metadata (SamplesPerPixel=2) and JPEG data (3 components), leading to remote code execution (RCE). The exploit generates a malformed DNG file that triggers the overflow when parsed.

This repository contains a working PoC for CVE-2025-43300, a memory corruption vulnerability in Apple's DNG image processing. It includes tools to analyze and modify DNG files to trigger the vulnerability via metadata/stream inconsistencies.

This repository provides a detailed technical analysis of the 2025 WhatsApp/ImageIO zero-click exploit chain (CVE-2025-55177 + CVE-2025-43300), including a research paper, interactive web companion, and hands-on labs for heap/stack exploitation techniques. It includes patch diffs, root cause analysis, and educational resources.

This repository contains a writeup describing CVE-2025-43300, an out-of-bounds write vulnerability in Apple's Image I/O framework affecting iOS, iPadOS, and macOS. The vulnerability allows remote code execution (RCE) via a maliciously crafted image file, with reports of in-the-wild exploitation.