PT-2020-2721 · Accusoft · Accusoft Imagegear

Emmanuel Tacheau · Published 2020-02-19 · Updated 2022-05-12 · CVE-2020-6094

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Accusoft ImageGear versions 19.4 through 19.6

Description

An exploitable code execution vulnerability exists in the TIFF fillinraster function of the igcore19d.dll library. A specially crafted TIFF file can cause an out-of-bounds write, resulting in remote code execution. An attacker can provide a malicious file to trigger this issue.

Recommendations

For Accusoft ImageGear versions 19.4 through 19.6, consider restricting access to the TIFF fillinraster function of the igcore19d.dll library until a patch is available. As a temporary workaround, avoid using the igcore19d.dll library to process TIFF files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Integer Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2020-02797
CVE-2020-6094

Affected Products

Accusoft Imagegear