
CVE-2012-4170 : Adobe fixes Buffer Overflow Vulnerability in Photoshop

Adobe has released an update to Photoshop CS6, version 13.0.1. This update closes a critical remote buffer overflow vulnerability in PNG image processing.

Francis Provencher has discovered a vulnerability in Adobe Photoshop CS6, which can be exploited by malicious people to compromise a user's system.

According to the Secunia advisory, the vulnerability is caused by a boundary error in the "Standard MultiPlugin.8BF" module when processing a Portable Network Graphics (PNG) image. This can be exploited to cause a heap-based buffer overflow via a specially crafted "tRNS" chunk size.
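As an added example (not code from Adobe, Secunia, or the original post), the following triage check walks a PNG's chunk list and reports any "tRNS" chunk whose declared size exceeds what the PNG specification allows for the image's colour type. The function names are hypothetical, the limits come from the PNG specification rather than from the advisory, and the sample files are constructed header-only inputs.

```python
import struct
import zlib
PNG_SIG = b"\x89PNG\r\n\x1a\n"

def max_trns_len(color_type, palette_entries):
    """Largest tRNS payload the PNG spec allows; None if tRNS is forbidden."""
    if color_type == 0:
        return 2                # one 16-bit grey sample
    if color_type == 2:
        return 6                # one 16-bit RGB triple
    if color_type == 3:
        return palette_entries  # one alpha byte per PLTE entry
    return None                 # types 4 and 6 carry their own alpha

def check_trns(data):
    """Walk the chunk list and report tRNS chunks that break the spec limits."""
    if data[:8] != PNG_SIG:
        return ["not a PNG"]
    findings, pos, color_type, palette_entries = [], 8, None, 0
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body_end = pos + 8 + length
        if body_end + 4 > len(data):
            findings.append(f"{ctype!r} declares {length} bytes, past end of file")
            break
        body = data[pos + 8:body_end]
        if ctype == b"IHDR" and length == 13:
            color_type = body[9]
        elif ctype == b"PLTE":
            palette_entries = length // 3
        elif ctype == b"tRNS":
            limit = max_trns_len(color_type, palette_entries)
            if limit is None:
                findings.append(f"tRNS not allowed for colour type {color_type}")
            elif length > limit:
                findings.append(f"tRNS length {length} exceeds limit {limit}")
        elif ctype == b"IEND":
            break
        pos = body_end + 4
    return findings

def chunk(ctype, body):  # one chunk with a valid CRC, for the constructed samples
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

def sample(color_type, trns_len, palette_entries=4):
    """Constructed header-only PNG: IHDR, PLTE, tRNS, IEND (no image data)."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, color_type, 0, 0, 0)
    return (PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"PLTE", bytes(3 * palette_entries))
            + chunk(b"tRNS", bytes(trns_len)) + chunk(b"IEND", b""))
```

An empty result only means the "tRNS" size is within specification; it does not replace installing the 13.0.1 update.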

Successful exploitation may allow execution of arbitrary code, but requires tricking a user into opening a malicious image.

The vulnerability is reported in versions 13.x only for Windows and Macintosh (confirmed in 13.0 20120315.r.428 on Windows).

Users can upgrade to Photoshop CS6 13.0.1 by selecting "Updates" under the Photoshop Help menu; this will launch the Adobe Application Manager, allowing users to select and install the update.