Photoline
CVE-2018-3861
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution.
AnalysisAI
A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution. Affected products include: Computer-Insel Photoline.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).
A memory corruption vulnerability exists in the .TGA parsing functionality of Computerinsel Photoline 20.02. Rated high
An memory corruption vulnerability exists in the .GIF parsing functionality of Computerinsel Photoline 20.02. Rated high
An memory corruption vulnerability exists in the .SVG parsing functionality of Computerinsel Photoline 20.02. Rated high
A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.54. Rated high s
A memory corruption vulnerability exists in the ANI-parsing functionality of Computerinsel Photoline 20.54. Rated high s
A memory corruption vulnerability exists in the PSD-parsing functionality of Computerinsel Photoline 20.54. Rated high s
A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary da
A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting. Rated high
A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. Rated high s
A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. Rated high s
A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. Rated high s
A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary d
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Memory Corruption
View allShare
External POC / Exploit Code
Leaving vuln.today