Adobe Photoshop JPEG2000 Image Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
2018-11-20T00:00:00
ID ZDI-18-1348 Type zdi Reporter Anonymous Modified 2018-06-22T00:00:00
Description
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JPEG2000 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.
{"id": "ZDI-18-1348", "bulletinFamily": "info", "title": "Adobe Photoshop JPEG2000 Image Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "description": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JPEG2000 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", "published": "2018-11-20T00:00:00", "modified": "2018-06-22T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "https://www.zerodayinitiative.com/advisories/ZDI-18-1348/", "reporter": "Anonymous", "references": ["https://helpx.adobe.com/security/products/photoshop/apsb18-43.html"], "cvelist": ["CVE-2018-15980"], "type": "zdi", "lastseen": "2020-06-22T11:42:24", "edition": 1, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-15980"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310814196", "OPENVAS:1361412562310814197"]}, {"type": "nessus", "idList": ["ADOBE_PHOTOSHOP_APSB18-43.NASL", "MACOS_ADOBE_PHOTOSHOP_APSB18-43.NASL"]}], "modified": "2020-06-22T11:42:24", "rev": 2}, "score": {"value": 3.8, "vector": "NONE", "modified": "2020-06-22T11:42:24", "rev": 2}, "vulnersScore": 3.8}}
{"cve": [{"lastseen": "2020-12-09T20:25:37", "description": "Adobe Photoshop CC versions 19.1.6 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.", "edition": 5, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-11-29T20:29:00", "title": "CVE-2018-15980", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15980"], "modified": "2018-12-04T18:07:00", "cpe": ["cpe:/a:adobe:photoshop_cc:19.1.6"], "id": "CVE-2018-15980", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-15980", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:adobe:photoshop_cc:19.1.6:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-07-17T14:18:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-15980"], "description": "The host is installed with Adobe Photoshop\n CC and is prone to information disclosure vulnerability", "modified": "2019-07-05T00:00:00", "published": "2018-11-15T00:00:00", "id": "OPENVAS:1361412562310814197", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814197", "type": "openvas", "title": "Adobe Photoshop CC Information Disclosure Vulnerability-APSB18-28 (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Photoshop CC Information Disclosure Vulnerability-APSB18-28 (Mac OS X)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation;\n# either version 2 of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:photoshop_cc2018\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814197\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2018-15980\");\n script_bugtraq_id(105905);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-11-15 13:26:21 +0530 (Thu, 15 Nov 2018)\");\n script_name(\"Adobe Photoshop CC Information Disclosure Vulnerability-APSB18-28 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Adobe Photoshop\n CC and is prone to information disclosure vulnerability\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to out-of-bounds read\n when handling malicious input. A remote attacker can trick the victim into\n opening specially crafted data, trigger memory corruption and gain access\n to potentially sensitive information.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to disclosure of sensitive information which may aid in launching further\n attacks.\");\n\n script_tag(name:\"affected\", value:\"Adobe Photoshop CC 2018 19.1.6 and earlier on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Photoshop CC 2018 19.1.7, 20.0 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/photoshop/apsb18-43.html\");\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_adobe_photoshop_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Photoshop/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\npver = infos['version'];\nppath = infos['location'];\n\nif(version_in_range(version:pver, test_version:\"19.0\", test_version2:\"19.1.6\"))\n{\n report = report_fixed_ver( installed_version: \"Adobe Photoshop CC 2018 \" + pver, fixed_version: \"19.1.7\", install_path:ppath);\n security_message(data:report);\n}\nexit(99);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-07-17T14:18:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-15980"], "description": "The host is installed with Adobe Photoshop\n CC and is prone to information disclosure vulnerability", "modified": "2019-07-05T00:00:00", "published": "2018-11-15T00:00:00", "id": "OPENVAS:1361412562310814196", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814196", "type": "openvas", "title": "Adobe Photoshop CC Information Disclosure Vulnerability-APSB18-28 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Photoshop CC Information Disclosure Vulnerability-APSB18-28 (Windows)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation;\n# either version 2 of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:photoshop_cc2018\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814196\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2018-15980\");\n script_bugtraq_id(105905);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-11-15 13:11:50 +0530 (Thu, 15 Nov 2018)\");\n script_name(\"Adobe Photoshop CC Information Disclosure Vulnerability-APSB18-28 (Windows)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Adobe Photoshop\n CC and is prone to information disclosure vulnerability\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to out-of-bounds read\n when handling malicious input. A remote attacker can trick the victim into\n opening specially crafted data, trigger memory corruption and gain access\n to potentially sensitive information.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to disclosure of sensitive information which may aid in launching further\n attacks.\");\n\n script_tag(name:\"affected\", value:\"Adobe Photoshop CC 2018 19.1.6 and earlier on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Photoshop CC 2018 19.1.7, 20.0 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/photoshop/apsb18-43.html\");\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_adobe_photoshop_detect.nasl\");\n script_mandatory_keys(\"Adobe/Photoshop/Installed\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\npver = infos['version'];\nppath = infos['location'];\n\nif(version_in_range(version:pver, test_version:\"19.0\", test_version2:\"19.1.6\"))\n{\n report = report_fixed_ver( installed_version: \"Adobe Photoshop CC 2018 \" + pver, fixed_version: \"19.1.7\", install_path:ppath);\n security_message(data:report);\n}\nexit(99);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2021-01-01T01:14:22", "description": "The version of Adobe Photoshop CC installed on the remote Windows host\nis 19.x prior to 19.1.7 (2018.1.7). It is, therefore, affected by an\nout-of-bounds read allowing the disclosure of sensitive information.", "edition": 21, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2018-11-15T00:00:00", "title": "Adobe Photoshop CC 19.x < 19.1.7 Information Disclosure Vulnerability (APSB18-43)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-15980"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:adobe:photoshop_cc"], "id": "ADOBE_PHOTOSHOP_APSB18-43.NASL", "href": "https://www.tenable.com/plugins/nessus/118976", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118976);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/01\");\n\n script_cve_id(\"CVE-2018-15980\");\n script_bugtraq_id(105905);\n\n script_name(english:\"Adobe Photoshop CC 19.x < 19.1.7 Information Disclosure Vulnerability (APSB18-43)\");\n script_summary(english:\"Checks the Photoshop version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an application installed that is affected by an\ninformation disclosure vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Photoshop CC installed on the remote Windows host\nis 19.x prior to 19.1.7 (2018.1.7). It is, therefore, affected by an\nout-of-bounds read allowing the disclosure of sensitive information.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/photoshop/apsb18-43.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Photoshop CC 19.1.7 (2018.1.7), 20.0 (2019.0), or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-15980\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:photoshop_cc\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"adobe_photoshop_installed.nasl\");\n script_require_keys(\"installed_sw/Adobe Photoshop\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_info = vcf::get_app_info(app:\"Adobe Photoshop\", win_local:TRUE);\n\nif (\"CC\" >!< app_info.Product) vcf::vcf_exit(0, \"Only Adobe Photoshop CC is affected.\");\nvcf::check_granularity(app_info:app_info, sig_segments:2);\n\nconstraints = [\n { \"min_version\" : \"19\", \"fixed_version\" : \"19.1.7\" }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-01T03:21:17", "description": "The version of Adobe Photoshop CC installed on the remote macOS or\nMac OS X host is 19.x prior to 19.1.7 (2018.1.7). It is, therefore,\naffected by an out-of-bounds read allowing the disclosure of sensitive\ninformation.", "edition": 21, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2018-11-15T00:00:00", "title": "Adobe Photoshop CC 19.x < 19.1.7 Information Disclosure Vulnerability (APSB18-43) (macOS)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-15980"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:adobe:photoshop_cc"], "id": "MACOS_ADOBE_PHOTOSHOP_APSB18-43.NASL", "href": "https://www.tenable.com/plugins/nessus/118975", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118975);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/01\");\n\n script_cve_id(\"CVE-2018-15980\");\n script_bugtraq_id(105905);\n\n script_name(english:\"Adobe Photoshop CC 19.x < 19.1.7 Information Disclosure Vulnerability (APSB18-43) (macOS)\");\n script_summary(english:\"Checks the Photoshop version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an application installed that is affected an\ninformation disclosure vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Photoshop CC installed on the remote macOS or\nMac OS X host is 19.x prior to 19.1.7 (2018.1.7). It is, therefore,\naffected by an out-of-bounds read allowing the disclosure of sensitive\ninformation.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/photoshop/apsb18-43.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Photoshop CC 19.1.7 (2018.1.7), 20.0 (2019.0), or\nlater.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-15980\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:photoshop_cc\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_adobe_photoshop_installed.nasl\");\n script_require_keys(\"Host/MacOSX/Version\", \"installed_sw/Adobe Photoshop\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\n\nget_kb_item_or_exit(\"Host/MacOSX/Version\");\n\napp_info = vcf::get_app_info(app:\"Adobe Photoshop\");\n\nif (\"CC\" >!< app_info.name) vcf::vcf_exit(0, \"Only Adobe Photoshop CC is affected.\");\nvcf::check_granularity(app_info:app_info, sig_segments:2);\n\nconstraints = [\n { \"min_version\" : \"19\", \"fixed_version\" : \"19.1.7\" }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}]}
