PT-2018-16280 · Computerinsel · Photoline
Published
2018-04-11
·
Updated
2023-02-02
·
CVE-2018-3887
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Computerinsel Photoline version 20.53
Description
A memory corruption issue exists in the PCX-parsing functionality. Processing a specially crafted PCX image can lead to an out-of-bounds write, allowing an attacker to overwrite arbitrary data and potentially gain code execution.
Recommendations
For Computerinsel Photoline version 20.53, consider avoiding the use of the PCX-parsing functionality until a patch is available. As a temporary workaround, restrict the processing of PCX images from untrusted sources to minimize the risk of exploitation.
Exploit
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Photoline