CVE-2015-3110
critical
CVSS v3
—
CVSS v4 NEW
—
VIR risk
10.0
Description
Integer overflow in Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC before 6.11 allows attackers to execute arbitrary code via unspecified vectors.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.
✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
Photoshop CC2014 / Bridge CC 2014 - '.gif' Parsing Memory Corruption
#####################################################################################
Application: Adobe Photoshop CC 2014 & Bridge CC 2014
Platforms: Windows
Versions: The vulnerability is confirmed in version Photoshop CC 2014 and Bridge CC 2014.
Secunia:
{PRL}: 2015-07
Author: Francis Provencher (Protek Research Lab’s)
Website: http://www.protekresearchlab.com/
Twitter: @ProtekResearch
#####################################################################################
1) Introduction
2) Report Timeline
3) Technical details
4) POC
#####################################################################################
===============
1) Introduction
===============
Adobe Photoshop is a raster graphics editor developed and published by Adobe Systems for Windows and OS X.
Photoshop was created in 1988 by Thomas and John Knoll. Since then, it has become the de facto industry standard in raster graphics editing, such that the word “photoshop” has become a verb as in “to photoshop an image,” “photoshopping,” and “photoshop contest,” etc. It can edit and compose raster images in multiple layers and supports masks, alpha compositing and several colour models including RGB,CMYK, Lab colour space (with capital L), spot colour and duotone. Photoshop has vast support for graphic file formats but also uses its own PSD and PSB file formats which support all the aforementioned features. In addition to raster graphics, it has limited abilities to edit or render text, vector graphics (especially through clipping path), 3D graphics and video. Photoshop’s featureset can be expanded by Photoshop plug-ins, programs developed and distributed independently of Photoshop that can run inside it and offer new or enhanced features.
(https://en.wikipedia.org/wiki/Adobe_Photoshop)
#####################################################################################
============================
2) Report Timeline
============================
2015-03-15: Francis Provencher from Protek Research Lab’s found the issue;
2015-03-19: Francis Provencher From Protek Research Lab’s report vulnerability to PSIRT;
2015-05-16: Adobe release a patch (APSB15-12)
#####################################################################################
============================
3) Technical details
============================
An error in the the GIF parser, could lead to a memory corruption when processing a crafted GIF image with an invalid value in the “ImageLeftPosition” into
the “ImageDescriptor”.
Successful exploitation of the vulnerabilities may allow execution of arbitrary code, but requires
tricking a user into opening or previewing a malicious file.
#####################################################################################
===========
4) POC
===========
http://protekresearchlab.com/exploits/PRL-2015-07.gif
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/37347.gif
###############################################################################OS impact
macOS Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| — | Not affected | — |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| adobe | photoshop_cc | {"endIncluding":"15.2.2"} | |
| adobe | bridge | {"endIncluding":"6.1"} | |
References
- http://www.securityfocus.com/bid/75243
- http://www.securitytracker.com/id/1032658
- http://www.securitytracker.com/id/1032659
- https://helpx.adobe.com/security/products/bridge/apsb15-13.html
- https://helpx.adobe.com/security/products/photoshop/apsb15-12.html
- http://www.securityfocus.com/bid/75243
- http://www.securitytracker.com/id/1032658
- http://www.securitytracker.com/id/1032659
- https://helpx.adobe.com/security/products/bridge/apsb15-13.html
- https://helpx.adobe.com/security/products/photoshop/apsb15-12.html
CWEs
CWE-189
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.