Public
- Public
- Network
- Groups
- Popular
- People

Notices by Inochi2D (inochi2d@vt.social)

Inochi2D (inochi2d@vt.social)'s status on Saturday, 04-Mar-2023 07:41:21 JST Inochi2D

Recently there was an announcement that Live2D's moc3 file format has a pretty severe security flaw[1], letting you all know that Inochi2D is not vulnerable to the exploit as it does not load moc3 files and INX and INP files are bounds checked.
We take security seriously and ask researchers to send us an encrypted email to security@inochi2d.com in case a problem is found. PGP Key can be found here https://pastebin.com/07UBaQpY! 🦊✉️
1: https://undeleted.ronsor.com/live2d-a-security-trainwreck/
In conversation Saturday, 04-Mar-2023 07:41:21 JST from vt.social permalink
Attachments
1. Inochi2D PGP Public Key - Pastebin.com
  
  Pastebin.com is the number one paste tool since 2002. Pastebin is a website where you can store text online for a set period of time.
2. Live2D: A Security Trainwreck
  
  Translations of this article are welcome. If you know Japanese or any other language, feel free to contact me. The markdown source for this article is here. Update: the vulnerability discovered here has been assigned CVE-2023-27566. Live2D Cubism is a popular 2D puppet animation software most known for its use by VTubers1 and in certain mobile games. In order to load the models generated by the software, developers need to include their proprietary “Cubism SDK,” for which there is no alternative.

User actions

The free open source 2D animation & streaming suite for vtubers & gamedevs | 無料でオープンソースのVTuberモデル形式とツールを作っています。| Run by @LunaFoxgirlVT#Inochi2D

Tags

(None)

ActivityPub: Remote Profile

Following 0

Followers 0

Groups 0

Statistics

User ID: 17150

Member since: 28 Feb 2023

Notices: 1

Daily average: 0

Feeds

Atom