April 27, 2007

Photoshop security issue reported; details pending

Security firm Secunia has reported a vulnerability with Photoshop CS2 and CS3, whereby a malformed bitmap file (.BMP, .DIB, .RLE) could cause a buffer overflow in the application.  Unfortunately I don't have more useful info to add at the moment, and I'm heading to Death Valley for the weekend & will be out of the loop for a bit.  I'll post more details as I get them.  In the meantime, I'd suggest steering clear of files in these formats created by unknown/untrusted parties.  (The good news here is that the formats are pretty uncommonly used in Photoshop, to the point where I can't remember the last time a customer mentioned them to me.)
Posted by John Nack at 8:21 AM on April 27, 2007

Comments

Dave — 6:04 PM on April 30, 2007

Death Valley? Make sure you visit The Racetrack!

[Ah yes--gotta get there at some point. This trip we stayed in Panamint Valley, the better for good clean offroad mischief. ;-) --J.]

Evoken — 10:46 PM on April 30, 2007

There seems to be another one related to PNG files:

http://news.com.com/2100-1002-6180180.html?tag=tb

Evo

Frank Spangenberg — 9:42 AM on May 1, 2007

Next one:
Photoshop CS2/CS3, Paint Shop Pro 11.20 .PNG File Buffer Overflow
http://milw0rm.com/exploits/3812

Hope there will be an update soon! :-(

Jeff Davies — 7:01 AM on May 3, 2007

I must be an oddity then. I frequently bring BMPs into Photoshop. PowerDVD allows still captures to be saved to file as TIFF, BMP etc.

[It's not to say that the format is never used, but it's pretty archaic & in my experience it has been replaced in most applications by PNG, etc. --J.]

MN Web Design — 10:29 PM on May 3, 2007

Be sure to post as soon as you find out the details. Thanks!
