TTCSIRT-145.072018: TT-CSIRT Advisory – Photoline Security Updates
Talos has released a security update stating that it has found the following issues in Computerinsel Photoline which is an image-processing tool used to modify and edit images as well as other graphic-related material:
a) A specially crafted PSD document processed via the application can lead to an out-of-bounds write, overwriting arbitrary data.
b) An ANI-parsing functionality vulnerability can lead to memory corruption.
An attacker can exploit these vulnerabilities to perform arbitrary code execution.
Further information on these vulnerabilities and how they can be mitigated can be found on Talos Intelligence Website at https://blog.talosintelligence.com/2018/07/vulnerability-spotlight-computerinsel-photoline.html |