PT-2020-18906 · Accusoft · Accusoft Imagegear
Emmanuel Tacheau
·
Published
2020-02-11
·
Updated
2022-08-31
·
CVE-2020-6067
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Accusoft ImageGear version 19.5.0
Description
A specially crafted TIFF file can cause an out-of-bounds write in the igcore19d.dll TIFF tifread parser, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the issue.
Recommendations
For Accusoft ImageGear version 19.5.0, consider avoiding the use of the TIFF tifread parser until a patch is available. As a temporary workaround, restrict the handling of TIFF files from untrusted sources to minimize the risk of exploitation.
Exploit
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Accusoft Imagegear