Fortinet : FortiGuard Labs Security Researcher Discovers Multiple Critical Vulnerabilities in Adobe Photoshop

This past May I discovered and reported multiple critical zero-day vulnerabilities in Adobe Photoshop CC 2019 to the software developer, Adobe Inc. Last Tuesday (Aug 13, 2019), Adobe released several security patches to fix those issues as part of their Patch Tuesday Initiative.

These vulnerabilities are identified as CVE-2019-7990, CVE-2019-7991, CVE-2019-7992, CVE-2019-7993, CVE-2019-7997, CVE-2019-7998, CVE-2019-7999, CVE-2019-8000 and CVE-2019-8001. All of these vulnerabilities have different root causes, though they are all related to Photoshop Plugins. Due to the critical rating of these vulnerabilities, we strongly recommend that users apply the recently released Adobe patches as soon as possible.

This is a Memory Corruption Vulnerability that exists in the decoding of U3D (Universal 3D) files in Adobe Photoshop. Specifically, the vulnerability is caused by a malformed U3D file, which leads to an Out of Bounds Write memory access due to an improper bounds check. The specific vulnerability exists in the 'U3D' plugin.

Attackers can exploit this vulnerability by leveraging the out of bounds access for unintended writes or frees, potentially leading to code corruption, control-flow hijack, or information leak attack. A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted U3D file.

Solution

Fortinet IPS signature Adobe.Photoshop.Memory.Corruption.CVE-2019-7990 was previously released to protect our customers from this specific vulnerability.

This is a Memory Corruption Vulnerability that exists in the decoding of U3D (Universal 3D) files in Adobe Photoshop. Specifically, the vulnerability is caused by a malformed U3D file, which leads to an Out of Bounds memory access due to an improper bounds check. The specific vulnerability exists in the 'U3D' plugin.

Attackers can exploit this vulnerability by leveraging the out of bounds access for unintended reads, writes, or frees, potentially leading to code corruption, control-flow hijack, or an information leak attack. A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted U3D file.

Solution

Fortinet IPS signature Adobe.Photoshop.Memory.Corruption.CVE-2019-7991 was previously released to protect our customers from this specific vulnerability.

This is a Heap Overflow Vulnerability that exists in the Adobe Photoshop 'Standard_MultiPlugin' plugin. Specifically, the vulnerability is caused by a malformed TGA (Targa) file that contains crafted ColorIndex data within the Run-Length-Encoding Compressed Image file. It causes an Out of Bounds Write memory access due to an improper bounds check when manipulating a pointer to a heap allocated buffer.

A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application,via a crafted TGA file.

Solution

Fortinet IPS signature Adobe.Photoshop.Memory.Corruption.CVE-2019-7992 was previously released to protect our customers from this specific vulnerability.

This is a Heap Overflow Vulnerability that exists in the decoding of PCT files in Adobe Photoshop. Specifically, the vulnerability is caused by a malformed PCT file, which leads to an Out of Bounds memory access due to an improper bounds check. The specific vulnerability exists in the 'MMXCore' plugin.

Attackers can exploit this vulnerability by leveraging the out of bounds access for unintended reads, writes, or frees, potentially leading to code corruption, control-flow hijack, or an information leak attack. A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted PCT file.

Solution

Fortinet IPS signature Adobe.Photoshop.Memory.Corruption.CVE-2019-7993 was previously released to protect our customers from this specific vulnerability..

This is a Memory Corruption Vulnerability that exists in the decoding of EXR files in Adobe Photoshop. Specifically, the vulnerability is caused by a malformed EXR file, which leads to an Out of Bounds Write memory access due to an improper bounds check. The specific vulnerability exists in the 'Standard_MultiPlugin' plugin.

Attackers can exploit this vulnerability by leveraging the out of bounds access for unintended writes or frees, potentially leading to code corruption, control-flow hijack, or an information leak attack. A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted EXR file.

Solution

Fortinet IPS signature Adobe.Photoshop.Memory.Corruption.CVE-2019-7997 was previously released to protect our customers from this specific vulnerability.

This is a Memory Corruption Vulnerability that exists in the decoding of EXR files in Adobe Photoshop. Specifically, the vulnerability is caused by a malformed EXR file, which leads to an Out of Bounds Write memory access due to an improper bounds check. The specific vulnerability exists in the 'Standard_MultiPlugin' plugin.

Attackers can exploit this vulnerability by leveraging the out of bounds access for unintended writes or frees, potentially leading to code corruption, control-flow hijack, or an information leak attack. A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted EXR file.

Solution

Fortinet IPS signature Adobe.Photoshop.Memory.Corruption.CVE-2019-7998 was previously released to protect our customers from this specific vulnerability.

This is a Memory Corruption Vulnerability that exists in the decoding of EXR files in Adobe Photoshop. Specifically, the vulnerability is caused by a malformed EXR file, which leads to an Out of Bounds memory access due to an improper bounds check. The specific vulnerability exists in the 'Standard_MultiPlugin' plugin.

Attackers can exploit this vulnerability by leveraging the out of bounds access for unintended reads, writes, or frees, potentially leading to code corruption, control-flow hijack, or an information leak attack. A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted EXR file.

Solution

Fortinet IPS signature Adobe.Photoshop.Memory.Corruption.CVE-2019-7999 was previously released to protect our customers from this specific vulnerability.

This is a Memory Corruption Vulnerability that exists in the decoding of EXR files in Adobe Photoshop. Specifically, the vulnerability is caused by a malformed EXR file, which leads to an Out of Bounds memory access due to improper bounds check. The specific vulnerability exists in the 'Standard_MultiPlugin' plugin.

Attackers can exploit this vulnerability by leveraging the out of bounds access for unintended reads, writes, or frees, potentially leading to code corruption, control-flow hijack, or an information leak attack. A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted EXR file.

Solution

Fortinet IPS signature Adobe.Photoshop.Memory.Corruption.CVE-2019-8000 was previously released to protect our customers from this specific vulnerability.

This is a Memory Corruption Vulnerability that exists in the decoding of EXR files in Adobe Photoshop. Specifically, the vulnerability is caused by a malformed EXR file, which leads to an Out of Bounds Write memory access due to an improper bounds check. The specific vulnerability exists in the 'Standard_MultiPlugin' plugin.

Attackers can exploit this vulnerability by leveraging the out of bounds access for unintended writes or frees, potentially leading to code corruption, control-flow hijack, or an information leak attack. A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted EXR file.

Solution

Fortinet IPS signature Adobe.Photoshop.Memory.Corruption.CVE-2019-8001 was previously released to protect our customers from this specific vulnerability.

Learn more about FortiGuard Labs and the FortiGuard Security Services portfolio. Sign up for our weekly FortiGuard Threat Brief.

Read about the FortiGuard Security Rating Service, which provides security audits and best practices.