Photoline
CVE-2018-3886
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution.
AnalysisAI
A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. Affected products include: Pl32 Photoline.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).
A memory corruption vulnerability exists in the .TGA parsing functionality of Computerinsel Photoline 20.02. Rated high
An memory corruption vulnerability exists in the .GIF parsing functionality of Computerinsel Photoline 20.02. Rated high
An memory corruption vulnerability exists in the .SVG parsing functionality of Computerinsel Photoline 20.02. Rated high
A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.54. Rated high s
A memory corruption vulnerability exists in the ANI-parsing functionality of Computerinsel Photoline 20.54. Rated high s
A memory corruption vulnerability exists in the PSD-parsing functionality of Computerinsel Photoline 20.54. Rated high s
A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary da
A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting. Rated high
A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary d
A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. Rated high s
A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. Rated high s
A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary d
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Memory Corruption
View allShare
External POC / Exploit Code
Leaving vuln.today