Vulnerability Spotlight: Accusoft ImageGear library code execution vulnerabilities

Emmanuel Tacheau of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.

Cisco Talos recently discovered three code execution vulnerabilities in Accusoft ImageGear. The ImageGear library is a document-imaging developer toolkit to assist users with image conversion, creation, editing and more. There are vulnerabilities in certain functions of ImageGear that could allow an attacker to execute code on the victim machine.

In accordance with our coordinated disclosure policy, Cisco Talos worked with Accusoft to ensure that these issues are resolved and that an update (link will generate a download) is available for affected customers.

Vulnerability details


Accusoft ImageGear TIFF TIF_read_stripdata code execution vulnerability (TALOS-2019-0972/CVE-2019-5187)

An exploitable out-of-bounds write vulnerability exists in the TIF_read_stripdata function of the igcore19d.dll library of Accusoft ImageGear 19.5.0. A specially crafted TIFF file can cause an out-of-bounds write, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.

Read the complete vulnerability advisory here for additional information.

Accusoft ImageGear PCX uncompress_scan_line buffer size computation code execution vulnerability (TALOS-2020-0986/CVE-2020-6063)

An exploitable out-of-bounds write vulnerability exists in the `uncompress_scan_line` function of the igcore19d.dll library of Accusoft ImageGear, version 19.5.0. A specially crafted PCX file can cause an out-of-bounds write, resulting in remote code execution. An attacker needs to provide a malformed file to t ..
