Vulners
Lucene search
Paintshop Pro X7 - '.gif' Conversion Heap Memory Corruption 'LZWMinimumCodeSize' (Denial of Service)
#####################################################################################
Application: Paintshop Pro X7 GIF Conversion Heap Memory Corruption Vulnerabilities (LZWMinimumCodeSize)
Platforms: Windows
Versions: The vulnerability is confirmed in version Paintshop Prox X7, Other versions may also be affected.
Secunia:
{PRL}: 2015-06
Author: Francis Provencher (Protek Research Lab’s)
Website: http://www.protekresearchlab.com/
Twitter: @ProtekResearch
#####################################################################################
1) Introduction
2) Report Timeline
3) Technical details
4) POC
#####################################################################################
===============
1) Introduction
===============
PaintShop Pro (PSP) is a raster and vector graphics editor for Microsoft Windows. It was originally published by Jasc Software. In October 2004, Corel purchased Jasc Software and the distribution rights to Paint Shop Pro. PSP functionality can be extended by Photoshop-compatible plugins.
Although often written as Paint Shop Pro, Corel’s website shows the name for the product as PaintShop Pro. The X-numbered editions have been sold in two versions: PaintShop Pro, which is the basic editing program, and PaintShop Pro Ultimate, which bundles in other standalone programs. The particular bundled programs have varied with each numbered version and have not been sold by Corel as separate products.
(https://en.wikipedia.org/wiki/PaintShop_Pro)
#####################################################################################
============================
2) Report Timeline
============================
2015-04-23: Francis Provencher from Protek Research Lab’s found the issue;
2015-02-24: Francis Provencher From Protek Research Lab’s ask for a security contact at Corel Software;
2015-02-25: Francis Provencher From Protek Research Lab’s ask for a security contact at Corel Software;
2015-05-10: Corel push a silent fix, without credit.
2015-05-16: Publication of this advisory.
#####################################################################################
============================
3) Technical details
============================
An error when handling LZWMinimumCodeSize can be exploited to cause an heap memory corruption via a specially crafted GIF file.
#####################################################################################
===========
4) POC
===========
http://protekresearchlab.com/exploits/PRL-2015-06.gif
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/37346.gif
###############################################################################Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
23 Jun 2015 00:00Current
7.4High risk
Vulners AI Score7.4