Vulnerabilities discovered by Tyler Bohan from Talos

Overview

Today, Cisco Talos is disclosing several vulnerabilities in Computerinsel Photoline. Photoline is an image-processing tool used to modify and edit images, as well as other graphic-related material. This product has a sizable user base and is popular in the graphic design field. The vulnerabilities are present in the parsing functionality of the software.

TALOS-2018-0585 - Computerinsel Photoline PSD-Blending Channel Code Execution Vulnerability (CVE-2018-3921)

A memory corruption vulnerability exists in the Adobe Photoshop file (PSD)-parsing functionality of Computerinsel Photoline 20.54. A specially crafted PSD document processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PSD document to trigger this vulnerability and gain code execution. Detailed vulnerability information can be found here.

TALOS-2018-0586 - Computerinsel Photoline ANI-Parsing Code Execution Vulnerability (CVE-2018-3922)

A memory corruption vulnerability exists in the ANI-parsing functionality of Computerinsel Photoline 20.54. A specially crafted ANI image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver an ANI image to trigger this vulnerability and gain code execution. Detailed vulnerability information can be found here.

TALOS-2018-0587 - Computerinsel Photoline PCX Run Length Encoding Code Execution Vulnerability (CVE-2018-3923)

A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.54. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. Detailed vulnerability information can be found here.

Tested Versions:

Computerinsel Photoline 20.54 for OS X

https://3.bp.blogspot.com/-_gx-CKXcM6s/W0UVE0O4z4I/AAAAAAAADNk/teef_5aO8I4kCho5FRErk5-UUdZIHCM9ACK4BGAYYCw/s1600/patch_availability_available.jpg

Coverage

The following Snort rules will detect exploitation attempts. Note that additional rules may be released at a future date, and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Snort Rules: 46452-46453, 46455-46456, 46459-46460