April 27, 2007

Photoshop security issue reported; details pending

Security firm Secunia has reported a vulnerability with Photoshop CS2 and CS3, whereby a malformed bitmap file (.BMP, .DIB, .RLE) could cause a buffer overflow in the application.  Unfortunately I don’t have more useful info to add at the moment, and I’m heading to Death Valley for the weekend & will be out of the loop for a bit.  I’ll post more details as I get them.  In the meantime, I’d suggest steering clear of files in these formats created by unknown/untrusted parties.  (The good news here is that the formats are pretty uncommonly used in Photoshop, to the point where I can’t remember the last time a customer mentioned them to me.)

Posted by John Nack at 8:21 AM on April 27, 2007

Comments

  • Dave — 6:04 PM on April 30, 2007

    Death Valley? Make sure you visit The Racetrack!
    [Ah yes–gotta get there at some point. This trip we stayed in Panamint Valley, the better for good clean offroad mischief. ;-) –J.]

  • Evoken — 10:46 PM on April 30, 2007

    There seems to be another one related to PNG files:
    http://news.com.com/2100-1002-6180180.html?tag=tb
    Evo

  • Frank Spangenberg — 9:42 AM on May 01, 2007

    Next one:
    Photoshop CS2/CS3, Paint Shop Pro 11.20 .PNG File Buffer Overflow
    http://milw0rm.com/exploits/3812
    Hope there will be an update soon! :-(

  • Jeff Davies — 7:01 AM on May 03, 2007

    I must be an oddity then. I frequently bring BMPs into Photoshop. PowerDVD allows still captures to be saved to file as TIFF, BMP etc.
    [It’s not to say that the format is never used, but it’s pretty archaic & in my experience it has been replaced in most applications by PNG, etc. –J.]

  • MN Web Design — 10:29 PM on May 03, 2007

    Be sure to post as soon as you find out the details. Thanks!

Copyright © 2019 Adobe Systems Incorporated. All rights reserved.
Terms of Use | Privacy Policy and Cookies (Updated)