PT-2020-18907 · Accusoft · Accusoft Imagegear
Emmanuel Tacheau
·
Published
2020-02-14
·
Updated
2022-08-31
·
CVE-2020-6068
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Accusoft ImageGear version 19.5.0
Description
A specially crafted PNG file can cause an out-of-bounds write in the igcore19d.dll PNG pngread parser, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the issue.
Recommendations
For Accusoft ImageGear version 19.5.0, consider avoiding the use of the igcore19d.dll PNG pngread parser until a patch is available. As a temporary workaround, restrict the handling of PNG files from untrusted sources to minimize the risk of exploitation.
Exploit
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Accusoft Imagegear