Adobe Photoshop bitmap and PNG security issue - 7 May, 2007
Marsu, Famously known as a security researcher has discovered a security issue in two different formats of graphics files, Bitmap files and PNG files.
The flaw, which is supposed to be announced via security website Secunia, shows that the image editing application Adobe Photoshop CS2, and possibly the new version of Photoshop, CS3, contain a security vulnerability that could potentially compromise users' computers. An error which was occured in the BMP.8BI Photoshop Format Plugin caused the flaw while dealing with Bitmap files.
Hackers could exploit such a situation just by causing a stack-based buffer overflow via a customised .BMP file. The vulnerability can also affect bitmaps with the file extensions .DIB and .RLE.
As per the reports from Secunia, the security flaw has supposed to been confirmed as affecting Photoshop CS2 and CS3, but may also affect other versions. Even when the vulnerability was tested under Windows XP, there was no mention as to whether the security risk was limited to the Microsoft Windows operating system. It is yet to be confirmed that if it could also affect Apple Macintosh OS X computers. A similar security hole has also been discovered in the .PNG file format and affects both Photoshop and Adobe Photoshop Elements.
Till now there is no patch from Adobe side, and the advice given by Secunia is not to open un-trusted Bitmap or .PNG files. The graphic designers rarely use the .BMP bitmap file format as a final artwork file. But this format is sometimes supplied by clients, or used as an attachment in emails. The web designers generally use the .PNG file format, although it is not as popular as the .GIF and .JPEG formats. |
