Security firm Secunia has reported a vulnerability with Photoshop CS2 and CS3, whereby a malformed bitmap file (.BMP, .DIB, .RLE) could cause a buffer overflow in the application. Unfortunately I don’t have more useful info to add at the moment, and I’m heading to Death Valley for the weekend & will be out of the loop for a bit. I’ll post more details as I get them. In the meantime, I’d suggest steering clear of files in these formats created by unknown/untrusted parties. (The good news here is that the formats are pretty uncommonly used in Photoshop, to the point where I can’t remember the last time a customer mentioned them to me.)
Death Valley? Make sure you visit The Racetrack!
[Ah yes–gotta get there at some point. This trip we stayed in Panamint Valley, the better for good clean offroad mischief. 😉 –J.]
There seems to be another one related to PNG files:
http://news.com.com/2100-1002-6180180.html?tag=tb
Evo
Next one:
Photoshop CS2/CS3, Paint Shop Pro 11.20 .PNG File Buffer Overflow
http://milw0rm.com/exploits/3812
Hope there will be an update soon! 🙁
I must be an oddity then. I frequently bring BMPs into Photoshop. PowerDVD allows still captures to be saved to file as TIFF, BMP etc.
[It’s not to say that the format is never used, but it’s pretty archaic & in my experience it has been replaced in most applications by PNG, etc. –J.]
Be sure to post as soon as you find out the details. Thanks!