Story Tools: PRINT | Text Size: S M L XL | REPORT TYPO | SEND YOUR FEEDBACK

Picture this: Security flaw found in Photoshop

Security company Secunia has issued a warning about what it calls a "highly critical" security hole in Adobe's popular Photoshop software.

Secunia said it has confirmed that the exploit affects Adobe Photoshop CS2 and Photoshop Elements 5.x. It is still trying to determine if it affects Photoshop CS3.

Portable network graphics (PNG) is a file format for saving digital images. It was developed as an alternative to GIF files. PNG is supported by many of the latest web browsers and graphics programs.

The security hole in the Adobe software, which was unpatched as of Monday afternoon, becomes an issue if Photoshop is used to open an infected PNG file. Malicious code contained in the file can then launch a buffer overflow attack. In a nutshell, this means an infected PNG file could be set up to run programs that could give a hacker remote access to a computer.

According to Secunia, "The vulnerability is caused due to a boundary error within the PNG.8BI Photoshop Format Plugin when handling PNG files. This can be exploited to cause a stack-based buffer overflow via a specially crafted PNG file."

Until a patch is released, a good defence would be to avoid using the affected versions of Photoshop to open PNG files unless you know they're from a trusted source.

« Previous Post | Main | Next Post »

This discussion is now Open. Submit your Comment.

Comments

Mark Rushton

NOTE that the Secundia website indicates that this affects the Windows version. Macintosh remains the safe bet!

Posted May 10, 2007 05:18 PM

Bob

Toronto

Or, test out "The Gimp" (currently Version 2.2) and see if it meets your needs instead of Photoshop. It's free as in freedom and free as in free beer.

Gimp 2.4 should be out soon and will be much improved and from what I've read Gimp 2.6 (currently in the works) will knock your socks off!

Also the free software community is well known for fixing security flaws in hours versus weeks and months for proprietary software.

Posted May 12, 2007 11:17 AM

« Previous Post | Main | Next Post »

Post a Comment

Disclaimer:

Note: By submitting your comments you acknowledge that CBC has the right to reproduce, broadcast and publicize those comments or any part thereof in any manner whatsoever. Please note that due to the volume of e-mails we receive, not all comments will be published, and those that are published will not be edited. But all will be carefully read, considered and appreciated.

Note: Due to volume there will be a delay before your comment is processed. Your comment will go through even if you leave this page immediately afterwards.

Privacy Policy | Submissions Policy

Story Tools: PRINT | Text Size: S M L XL | REPORT TYPO | SEND YOUR FEEDBACK

World »

302 Found

Found

The document has moved here.

more »

Canada »

302 Found

Found

The document has moved here.

more »

Politics »

302 Found

Found

The document has moved here.

more »

Health »

302 Found

Found

The document has moved here.

more »

Arts & Entertainment»

302 Found

Found

The document has moved here.

more »

Technology & Science »

302 Found

Found

The document has moved here.

more »

Money »

302 Found

Found

The document has moved here.

more »

Consumer Life »

302 Found

Found

The document has moved here.

more »

Sports »

[an error occurred while processing this directive] 302 Found

Found

The document has moved here.

more »

Diversions »

[an error occurred while processing this directive]
more »