I managed to create some TIFF files that crash my PSP 3000 on OFW 4.20.
My tests on a Phat with CFW 5.00 m33-4 tend to show that the vulnerability has been fixed in firmware 5.00.
Here are the files:
http://wololo.net/files/libtiffcrash.zip
There are 2 files because it seems to increase the probability of a crash. But 1 should actually be enough.
Put the files in PSP/PHOTO and try to view either the thumbnails or the pictures themselves; it should crash the PSP.
The bug seems pretty random (depends on the state of the RAM, I guess), so you might have to reboot the PSP a few times and try again.
I have lots of things to discuss on the subject, but I don't have enough time right now. Thing is, I pretty much reached the limits of my knowledge here, but if somebody has a clue on how such a crash could be used, please contact me if you want information on how I created the files. This is a very simple modification of LZWEncode in tif_lzw.c.
Again, this does NOT seem to work on 5.00, only on 4.20.