PT-2017-15616 · Computerinsel+1 · Photoline+1

Publicado

2017-10-05

Atualizado

2022-06-13

CVE-2017-2920

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Computerinsel Photoline version 20.02

Description A memory corruption issue exists in the .SVG parsing functionality. This can be triggered by a specially crafted .SVG file, potentially leading to arbitrary code execution. An attacker can exploit this by sending a specific .SVG file.

Recommendations For Computerinsel Photoline version 20.02, update to a version that fixes the memory corruption vulnerability in the .SVG parsing functionality to prevent potential arbitrary code execution.

Exploit

Correção

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

CVE-2017-2920

MGASA-2018-0214

OPENSUSE-SU-2018_2229-1

SUSE-SU-2018:2045-1

SUSE-SU-2018:2064-1

Produtos afetados

Photoline

Suse

PT-2017-15616 · Computerinsel+1 · Photoline+1

CVE-2017-2920

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 21