Информационная безопасность
[RU] switch to English


Переполнения буфера во многих просмотрщиках изображений (multiple bugs)
дополнено с 5 апреля 2007 г.
Опубликовано:2 ноября 2007 г.
Источник:
SecurityVulns ID:7535
Тип:клиент
Уровень опасности:
6/10
Описание:Многочисленные переполнения буфера при разборе изображений BMP, TIFF, XPM, CLP, PSP, RAS, IFF, PNG.
Затронутые продукты:ADOBE : Photoshop CS2
 GNU : GIMP 2.2
 IRFANVIEW : IrfanView 3.99
 ACD : ACDSee 9.0
 FASTSTONE : FastStone Image Viewer 2.9
 IRFANVIEW : IrfanView 4.0
 ADOBE : Photoshop CS3
 ADOBE : Photoshop Elements 5.0
 COREL : Paint Shop Pro 11.20
 ABCVIEW : ABC-View Manager 1.42
 XNVIEW : XnView 1.90
 PHOTOFILTRE : Photofiltre Studio 8.1
CVE:CVE-2007-4344
 CVE-2007-2366 (Buffer overflow in Corel Paint Shop Pro 11.20 allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file.)
 CVE-2007-2366 (Buffer overflow in Corel Paint Shop Pro 11.20 allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file.)
 CVE-2007-2365 (Buffer overflow in Adobe Photoshop CS2 and CS3, and Photoshop Elements 5.0, allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file.)
 CVE-2007-2365 (Buffer overflow in Adobe Photoshop CS2 and CS3, and Photoshop Elements 5.0, allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file.)
 CVE-2007-2363 (Buffer overflow in IrfanView 4.00 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted .IFF file.)
 CVE-2007-2363 (Buffer overflow in IrfanView 4.00 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted .IFF file.)
 CVE-2007-1948 (Buffer overflow in IrfanView 3.99 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via the (1) xoffset or (2) yoffset RLE command, or (3) large non-RLE encoded blocks in a crafted BMP image, as demonstrated by rle8of3.bmp and rle8of4.bmp.)
 CVE-2007-1946 (Integer overflow in Windows Explorer in Microsoft Windows XP SP1 might allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large width dimension in a crafted BMP image, as demonstrated by w4intof.bmp.)
 CVE-2007-1943 (Integer overflow in ACDSee Photo Manager 9.0 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via large width image sizes in a crafted BMP image, as demonstrated by w3intof.bmp and w4intof.bmp.)
 CVE-2007-1942 (Integer overflow in FastStone Image Viewer 2.9 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted BMP image, as demonstrated by wh3intof.bmp and wh4intof.bmp.)
Оригинальный текстdocumentSECUNIA, Secunia Research: ACDSee Products Image and Archive Plug-ins Buffer Overflows (02.11.2007)
 documentifsecure_(at)_gmail.com, Several Windows image viewers vulnerabilities (05.04.2007)
Файлы:IrfanView <= 4.00 .IFF File Buffer Overflow
 Photoshop CS2/CS3, Paint Shop Pro 11.20 .PNG File Buffer Overflow
 Gimp v2.2.14 .RAS File SUNRAS Plugin Buffer Overflow
 ABC-View Manager 1.42 .PSP File Buffer Overflow
 FreshView 7.15 .PSP File Buffer Overflow
 Adobe Photoshop CS2 / CS3 Unspecified .BMP File Buffer Overflow
 Corel Paint Shop Pro Photo v11.20 Unspecified .CLP File Buffer Overflow
 ACDSee v9.0 .XPM File Buffer Overflow
 XnView 1.90.3 .XPM File Buffer Overflow
 Exploits Photofiltre Studio v8.1.1 .TIF File Buffer Overflow
 Several Windows image viewers vulnerabilities PoC

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород