April 27, 2007

Photoshop security issue reported; details pending

Security firm Secunia has reported a vulnerability with Photoshop CS2 and CS3, whereby a malformed bitmap file (.BMP, .DIB, .RLE) could cause a buffer overflow in the application.  Unfortunately I don't have more useful info to add at the moment, and I'm heading to Death Valley for the weekend & will be out of the loop for a bit.  I'll post more details as I get them.  In the meantime, I'd suggest steering clear of files in these formats created by unknown/untrusted parties.  (The good news here is that the formats are pretty uncommonly used in Photoshop, to the point where I can't remember the last time a customer mentioned them to me.)
Posted by John Nack at 08:21 AM on April 27, 2007

Comments

Dave — 06:04 PM on April 30, 2007

Death Valley? Make sure you visit The Racetrack!

[Ah yes--gotta get there at some point. This trip we stayed in Panamint Valley, the better for good clean offroad mischief. ;-) --J.]

Evoken — 10:46 PM on April 30, 2007

There seems to be another one related to PNG files:

http://news.com.com/2100-1002-6180180.html?tag=tb

Evo

Frank Spangenberg — 09:42 AM on May 01, 2007

Next one:
Photoshop CS2/CS3, Paint Shop Pro 11.20 .PNG File Buffer Overflow
http://milw0rm.com/exploits/3812

Hope there will be an update soon! :-(

Jeff Davies — 07:01 AM on May 03, 2007

I must be an oddity then. I frequently bring BMPs into Photoshop. PowerDVD allows still captures to be saved to file as TIFF, BMP etc.

[It's not to say that the format is never used, but it's pretty archaic & in my experience it has been replaced in most applications by PNG, etc. --J.]

MN Web Design — 10:29 PM on May 03, 2007

Be sure to post as soon as you find out the details. Thanks!
