Vulnerability Spotlight: Multiple vulnerabilities in Accusoft ImageGear



Emmanuel Tacheau of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. 


Cisco Talos recently discovered multiple vulnerabilities in Accusoft ImageGear.


The ImageGear library is a document-imaging developer toolkit that allows users to create, edit, annotate and convert various images. It supports more than 100 file formats, such as DICOM, PDF and Microsoft Office. The vulnerabilities Talos discovered could allow an attacker to carry out various malicious actions, including corrupting memory on the victim machine and achieving remote code execution.

TALOS-2021-1257 (CVE-2021-21793), TALOS-2021-1261 (CVE-2021-21794) and TALOS-2021-1289 (CVE-2021-21824) are all out-of-bounds write vulnerabilities that exist in various functions of the software. An attacker could trigger these vulnerabilities by tricking a user into opening a specially crafted, malicious file.


TALOS-2021-1264 (CVE-2021-21795), TALOS-2021-1276 (CVE-2021-21808), TALOS-2021-1286 (CVE-2021-21821) and TALOS-2021-1275 (CVE-2021-21807) are buffer overflow vulnerabilities that could also be triggered with a malicious file. These vulnerabilities could all lead to memory corruption if exploited.


Talos also discovered TALOS-2021-1296 (CVE-2021-21833), a ..
