PT-2017-15616 · Computerinsel+1 · Photoline+1

Published

2017-10-05

Updated

2022-06-13

CVE-2017-2920

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Computerinsel Photoline version 20.02

Description A memory corruption issue exists in the .SVG parsing functionality. This can be triggered by a specially crafted .SVG file, potentially leading to arbitrary code execution. An attacker can exploit this by sending a specific .SVG file.

Recommendations For Computerinsel Photoline version 20.02, update to a version that fixes the memory corruption vulnerability in the .SVG parsing functionality to prevent potential arbitrary code execution.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2017-2920

MGASA-2018-0214

OPENSUSE-SU-2018_2229-1

SUSE-SU-2018:2045-1

SUSE-SU-2018:2064-1

Affected Products

Photoline

Suse

PT-2017-15616 · Computerinsel+1 · Photoline+1

CVE-2017-2920

Weakness Enumeration

Related Identifiers

Affected Products

References · 21