PT-2021-14790 · Accusoft · Accusoft Imagegear

Emmanuel Tacheau

Published

2021-06-11

Updated

2022-07-29

CVE-2021-21808

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Accusoft ImageGear version 19.9

Description A memory corruption issue exists in the PNG png palette process functionality. This can be triggered by a specially crafted malformed file, leading to a heap buffer overflow. An attacker can exploit this by providing malicious inputs.

Recommendations For Accusoft ImageGear version 19.9, consider avoiding the use of the PNG png palette process functionality until a patch is available. As a temporary workaround, restrict the processing of malformed files to minimize the risk of exploitation.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120CWE-119

Related Identifiers

CVE-2021-21808

Affected Products

Accusoft Imagegear

PT-2021-14790 · Accusoft · Accusoft Imagegear

CVE-2021-21808

Weakness Enumeration

Related Identifiers

Affected Products

References · 3