Wednesday, April 11, 2018

Vulnerability Spotlight: Multiple Computerinsel PhotoLine PSD Code Execution Vulnerabilities



Discovered by Tyler Bohan of Cisco Talos

Overview


Today, Cisco Talos is disclosing a vulnerability within Computerinsel PhotoLine's PSD-parsing functionality. Photoline is an image processing tool used to modify and edit images, as well as other graphic-related material. This product has a large user base and is popular in its specific field. The vulnerable component is in the handling of PSD documents. PSD is a document format used by Adobe Photoshop, and is supported by many third-party applications throughout the industry.

The vulnerability arises in parsing the PSD document. The application takes data directly from the document without verification and uses it to calculate an address. The document has a specially crafted blending channel value leading to this miscalculation. Below is the area of the crash.

TALOS-2018-0546 - Computerinsel Photoline TIFF Samples Per Pixel Parsing Code Execution Vulnerability (CVE-2018-3861)


A memory corruption vulnerability exists in the TIFF parsing functionality of Computerinsel Photoline 20.53. A specially crafted TIFF image processed via the application can lead to an out of bounds write overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution. Detailed vulnerability information can be found here.

TALOS-2018-0547 - Computerinsel Photoline TIFF Bits Per Pixel Parsing Code Execution Vulnerability (CVE-2018-3862)


A memory corruption vulnerability exists in the TIFF parsing functionality of Computerinsel Photoline 20.53. A specially crafted TIFF image processed via the application can lead to an out of bounds write overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution. Detailed vulnerability information can be found here.

TALOS-2018-0550 - Computerinsel Photoline PSD Blending Channels Code Execution Vulnerability (CVE-2018-0550)


A memory corruption vulnerability exists in the PSD-parsing functionality of Computerinsel PhotoLine 20.53. A specially crafted PSD document processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PSD document to trigger this vulnerability and gain code execution. Detailed vulnerability information can be found here.

TALOS-2018-0561 - Computerinsel Photoline PCX Decompress Code Execution Vulnerability (CVE-2018-3886)


A memory corruption vulnerability exists in the PCX parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. Detailed vulnerability information can be found here.

TALOS-2018-0562 - Computerinsel Photoline PCX Run Length Code Execution Vulnerability (CVE-2018-3887)


A memory corruption vulnerability exists in the PCX parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. Detailed vulnerability information can be found here.

TALOS-2018-0563 - Computerinsel Photoline PCX Color Map Code Execution Vulnerability (CVE-2018-3888)


A memory corruption vulnerability exists in the PCX parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. Detailed vulnerability information can be found here.

TALOS-2018-0564 - Computerinsel Photoline PCX Bits Per Pixel Code Execution Vulnerability (CVE-2018-3889)


A memory corruption vulnerability exists in the PCX parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out of bounds write overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. Detailed vulnerability information can be found here.

Known vulnerable versions


Computerinsel PhotoLine 20.53 for OS X

(https://www.pl32.com)

Coverage


The following Snort Rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Console or Snort.org.

Snort Rules: 39601-39632, 45997-46000, 46093-46094, 46222-46223, 46224-46225, 46143-46146, 46241-46242

No comments:

Post a Comment