Vulnerability Spotlight: Buffer overflow vulnerabilities in Accusoft ImageGear could lead to code execution

Francesco Benvenuto and Emmanuel Tacheau of Cisco Talos and another team member discovered these vulnerabilities. Blog by Jon Munshaw. 

Cisco Talos recently discovered multiple vulnerabilities in Accusoft ImageGear. 

The ImageGear library is a document-imaging developer toolkit that allows users to create, edit, annotate and convert various images. It supports more than 100 file formats such as DICOM, PDF and Microsoft Office. These vulnerabilities Talos discovered could allow an attacker to cause a heap-based buffer overflow condition. All but one of these vulnerabilities — TALOS-2021-1374 — could lead to code execution on the targeted machine.

For more information on each of these issues, read their full advisories linked below: TALOS-2021-1362 (CVE-2021-21914) TALOS-2021-1367 (CVE-2021-21938) TALOS-2021-1368 (CVE-2021-21939) TALOS-2021-1371 (CVE-2021-21942) TALOS-2021-1373 (CVE-2021-21943) TALOS-2021-1374 (CVE-2021-21944 and CVE-2021-21945) TALOS-2021-1375 (CVE-2021-21946 and CVE-2021-21947) 

There is also another vulnerability, TALOS-2021-1377 (CVE-2021-21949), that could also lead to code execution. However, in that scenario, the attacker needs to trigger a use-after-free condition. 

Talos is disclosing these vulnerabilities despite no known updates or patches from Accusoft, all in adherence to Cisco’s vulnerability disclosure policy.  

Talos tested and confirmed Accusoft ImageGear, version 19.10, is affected by these vulnerabilities. 

The following SNORTⓇ rules will detect exploitation attempts against this vulnerability: 44023 – 44026, 58046, 58047, 58073, 58074, 58100, 58101, 58153, 58154, 58220 – 58223, 58235 and

Read More: http://blog.talosintelligence.com/2022/02/vuln-spotlight-accusoft-code.html