Multiple code execution vulnerabilities found in Accusoft ImageGear

Emmanuel Tacheau of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.

Cisco Talos recently discovered four code execution vulnerabilities in Accusoft ImageGear. The ImageGear library is a document-imaging developer toolkit to assist users with image conversion, creation, editing and more. There are vulnerabilities in certain functions of ImageGear that could allow an attacker to execute code on the victim machine.

In accordance with our coordinated disclosure policy, Cisco Talos worked with Accusoft to ensure that these issues are resolved and that an update (link will generate a download) is available for affected customers.

Vulnerability details

Accusoft ImageGear PNG store_data_buffer size computation code execution vulnerability (TALOS-2020-0998/CVE-2020-6075)

An exploitable out-of-bounds write vulnerability exists in the `store_data_buffer` function of the igcore19d.dll library of Accusoft ImageGear 19.5.0. A specially crafted PNG file can cause an out-of-bounds write, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.

Read the complete vulnerability advisory here for additional information.

Accusoft ImageGear ICO ico_read buffer size computation code execution vulnerability (TALOS-2020-0999/CVE-2020-6076)

An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll ICO icoread parser of the Accusoft ImageGear 19.5.0 library. A specially crafted ICO file can cause an out-of-bounds write, resulting in remote code execution. An attacker needs to provide a ..
