Vulnerabilities discovered by Tyler Bohan from Talos
Today, Cisco Talos is disclosing several vulnerabilities in Computerinsel Photoline. Photoline is an image-processing tool used to modify and edit images, as well as other graphic-related material. This product has a sizable user base and is popular in the graphic design field. The vulnerabilities are present in the parsing functionality of the software.
A memory corruption vulnerability exists in the Adobe Photoshop file (PSD)-parsing functionality of Computerinsel Photoline 20.54. A specially crafted PSD document processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PSD document to trigger this vulnerability and gain code execution. Detailed vulnerability information can be found here.
A memory corruption vulnerability exists in the ANI-parsing functionality of Computerinsel Photoline 20.54. A specially crafted ANI image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver an ANI image to trigger this vulnerability and gain code execution. Detailed vulnerability information can be found here.
A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.54. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. Detailed vulnerability information can be found here.
Computerinsel Photoline 20.54 for OS X
Coverage
The following Snort rules will detect exploitation attempts. Note that additional rules may be released at a future date, and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.
Snort Rules: 46452-46453, 46455-46456, 46459-46460
Overview
Today, Cisco Talos is disclosing several vulnerabilities in Computerinsel Photoline. Photoline is an image-processing tool used to modify and edit images, as well as other graphic-related material. This product has a sizable user base and is popular in the graphic design field. The vulnerabilities are present in the parsing functionality of the software.
TALOS-2018-0585 - Computerinsel Photoline PSD-Blending Channel Code Execution Vulnerability (CVE-2018-3921)
A memory corruption vulnerability exists in the Adobe Photoshop file (PSD)-parsing functionality of Computerinsel Photoline 20.54. A specially crafted PSD document processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PSD document to trigger this vulnerability and gain code execution. Detailed vulnerability information can be found here.
TALOS-2018-0586 - Computerinsel Photoline ANI-Parsing Code Execution Vulnerability (CVE-2018-3922)
A memory corruption vulnerability exists in the ANI-parsing functionality of Computerinsel Photoline 20.54. A specially crafted ANI image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver an ANI image to trigger this vulnerability and gain code execution. Detailed vulnerability information can be found here.
TALOS-2018-0587 - Computerinsel Photoline PCX Run Length Encoding Code Execution Vulnerability (CVE-2018-3923)
A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.54. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. Detailed vulnerability information can be found here.
Tested Versions:
Computerinsel Photoline 20.54 for OS X
Coverage
The following Snort rules will detect exploitation attempts. Note that additional rules may be released at a future date, and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.
Snort Rules: 46452-46453, 46455-46456, 46459-46460
Article Link: http://feedproxy.google.com/~r/feedburner/Talos/~3/OaCBCFgHvSc/vulnerability-spotlight-computerinsel-photoline.html