Discovered by Tyler Bohan of Cisco Talos

The vulnerability arises in parsing the PSD document. The application takes data directly from the document without verification and uses it to calculate an address. The document has a specially crafted blending channel value leading to this miscalculation. Below is the area of the crash.

TALOS-2018-0546 - Computerinsel Photoline TIFF Samples Per Pixel Parsing Code Execution Vulnerability (CVE-2018-3861)
A memory corruption vulnerability exists in the TIFF parsing functionality of Computerinsel Photoline 20.53. A specially crafted TIFF image processed via the application can lead to an out of bounds write overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution. Detailed vulnerability information can be found here.

TALOS-2018-0547 - Computerinsel Photoline TIFF Bits Per Pixel Parsing Code Execution Vulnerability (CVE-2018-3862)
A memory corruption vulnerability exists in the TIFF parsing functionality of Computerinsel Photoline 20.53. A specially crafted TIFF image processed via the application can lead to an out of bounds write overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution. Detailed vulnerability information can be found here.

TALOS-2018-0550 - Computerinsel Photoline PSD Blending Channels Code Execution Vulnerability (CVE-2018-0550)
A memory corruption vulnerability exists in the PSD-parsing functionality of Computerinsel PhotoLine 20.53. A specially crafted PSD document processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PSD document to trigger this vulnerability and gain code execution. Detailed vulnerability information can be found here.

TALOS-2018-0561 - Computerinsel Photoline PCX Decompress Code Execution Vulnerability (CVE-2018-3886)
A memory corruption vulnerability exists in the PCX parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. Detailed vulnerability information can be found here.

TALOS-2018-0562 - Computerinsel Photoline PCX Run Length Code Execution Vulnerability (CVE-2018-3887)
A memory corruption vulnerability exists in the PCX parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. Detailed vulnerability information can be found here.

TALOS-2018-0563 - Computerinsel Photoline PCX Color Map Code Execution Vulnerability (CVE-2018-3888)
A memory corruption vulnerability exists in the PCX parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. Detailed vulnerability information can be found here.

TALOS-2018-0564 - Computerinsel Photoline PCX Bits Per Pixel Code Execution Vulnerability (CVE-2018-3889)
A memory corruption vulnerability exists in the PCX parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out of bounds write overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. Detailed vulnerability information can be found here.

Known vulnerable versions
Computerinsel PhotoLine 20.53 for OS X

(https://www.pl32.com)

Coverage
The following Snort Rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Console or Snort.org.

Snort Rules: 39601-39632, 45997-46000, 46093-46094, 46222-46223, 46224-46225, 46143-46146, 46241-46242