April 27, 2007

Photoshop security issue reported; details pending

Security firm Secunia has reported a vulnerability with Photoshop CS2 and CS3, whereby a malformed bitmap file (.BMP, .DIB, .RLE) could cause a buffer overflow in the application.  Unfortunately I don’t have more useful info to add at the moment, and I’m heading to Death Valley for the weekend & will be out of the loop for a bit.  I’ll post more details as I get them.  In the meantime, I’d suggest steering clear of files in these formats created by unknown/untrusted parties.  (The good news here is that the formats are pretty uncommonly used in Photoshop, to the point where I can’t remember the last time a customer mentioned them to me.)

Posted by John Nack at 8:21 AM on April 27, 2007


  • Dave — 6:04 PM on April 30, 2007

    Death Valley? Make sure you visit The Racetrack!
    [Ah yes–gotta get there at some point. This trip we stayed in Panamint Valley, the better for good clean offroad mischief. ;-) –J.]

  • Evoken — 10:46 PM on April 30, 2007

    There seems to be another one related to PNG files:

  • Frank Spangenberg — 9:42 AM on May 01, 2007

    Next one:
    Photoshop CS2/CS3, Paint Shop Pro 11.20 .PNG File Buffer Overflow
    Hope there will be an update soon! :-(

  • Jeff Davies — 7:01 AM on May 03, 2007

    I must be an oddity then. I frequently bring BMPs into Photoshop. PowerDVD allows still captures to be saved to file as TIFF, BMP etc.
    [It’s not to say that the format is never used, but it’s pretty archaic & in my experience it has been replaced in most applications by PNG, etc. –J.]

  • MN Web Design — 10:29 PM on May 03, 2007

    Be sure to post as soon as you find out the details. Thanks!
