TTCSIRT-145.072018: TT-CSIRT Advisory – Photoline Security Updates
Talos has released a security update stating that it has found the following issues in Computerinsel Photoline which is an image-processing tool used to modify and edit images as well as other graphic-related material:
a) A specially crafted PSD document processed via the application can lead to an out-of-bounds write, overwriting arbitrary data.
b) An ANI-parsing functionality vulnerability can lead to memory corruption.
An attacker can exploit these vulnerabilities to perform arbitrary code execution.
|Further information on these vulnerabilities and how they can be mitigated can be found on Talos Intelligence Website at https://blog.talosintelligence.com/2018/07/vulnerability-spotlight-computerinsel-photoline.html|