Информационная безопасность
[RU] switch to English


Переполнения буфера во многих просмотрщиках изображений (multiple bugs)
дополнено с 5 апреля 2007 г.
Опубликовано:2 ноября 2007 г.
Источник:
SecurityVulns ID:7535
Тип:клиент
Уровень опасности:
6/10
Описание:Многочисленные переполнения буфера при разборе изображений BMP, TIFF, XPM, CLP, PSP, RAS, IFF, PNG.
Затронутые продукты:ADOBE : Photoshop CS2
 GNU : GIMP 2.2
 IRFANVIEW : IrfanView 3.99
 ACD : ACDSee 9.0
 FASTSTONE : FastStone Image Viewer 2.9
 IRFANVIEW : IrfanView 4.0
 ADOBE : Photoshop CS3
 ADOBE : Photoshop Elements 5.0
 COREL : Paint Shop Pro 11.20
 ABCVIEW : ABC-View Manager 1.42
 XNVIEW : XnView 1.90
 PHOTOFILTRE : Photofiltre Studio 8.1
CVE:CVE-2007-4344
 CVE-2007-2366 (Buffer overflow in Corel Paint Shop Pro 11.20 allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file.)
 CVE-2007-2366 (Buffer overflow in Corel Paint Shop Pro 11.20 allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file.)
 CVE-2007-2365 (Buffer overflow in Adobe Photoshop CS2 and CS3, and Photoshop Elements 5.0, allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file.)
 CVE-2007-2365 (Buffer overflow in Adobe Photoshop CS2 and CS3, and Photoshop Elements 5.0, allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file.)
 CVE-2007-2363 (Buffer overflow in IrfanView 4.00 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted .IFF file.)
 CVE-2007-2363 (Buffer overflow in IrfanView 4.00 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted .IFF file.)
 CVE-2007-1948 (Buffer overflow in IrfanView 3.99 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via the (1) xoffset or (2) yoffset RLE command, or (3) large non-RLE encoded blocks in a crafted BMP image, as demonstrated by rle8of3.bmp and rle8of4.bmp.)
 CVE-2007-1946 (Integer overflow in Windows Explorer in Microsoft Windows XP SP1 might allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large width dimension in a crafted BMP image, as demonstrated by w4intof.bmp.)
 CVE-2007-1943 (Integer overflow in ACDSee Photo Manager 9.0 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via large width image sizes in a crafted BMP image, as demonstrated by w3intof.bmp and w4intof.bmp.)
 CVE-2007-1942 (Integer overflow in FastStone Image Viewer 2.9 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted BMP image, as demonstrated by wh3intof.bmp and wh4intof.bmp.)
Оригинальный текстdocumentSECUNIA, Secunia Research: ACDSee Products Image and Archive Plug-ins Buffer Overflows (02.11.2007)
 documentifsecure_(at)_gmail.com, Several Windows image viewers vulnerabilities (05.04.2007)
Файлы:ACDSee v9.0 .XPM File Buffer Overflow
 XnView 1.90.3 .XPM File Buffer Overflow
 ABC-View Manager 1.42 .PSP File Buffer Overflow
 Photoshop CS2/CS3, Paint Shop Pro 11.20 .PNG File Buffer Overflow
 FreshView 7.15 .PSP File Buffer Overflow
 Adobe Photoshop CS2 / CS3 Unspecified .BMP File Buffer Overflow
 Corel Paint Shop Pro Photo v11.20 Unspecified .CLP File Buffer Overflow
 Exploits Photofiltre Studio v8.1.1 .TIF File Buffer Overflow
 IrfanView <= 4.00 .IFF File Buffer Overflow
 Gimp v2.2.14 .RAS File SUNRAS Plugin Buffer Overflow
 Several Windows image viewers vulnerabilities PoC

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород