CVE-2021-40398

Name of the Vulnerable Software and Affected Versions Accusoft ImageGear version 19.10

Description An out-of-bounds write issue exists in the parse raster data functionality. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this issue. The ImageGear library is a document-imaging developer toolkit that offers image conversion, creation, editing, annotation, and more, supporting over 100 formats.

Recommendations For Accusoft ImageGear version 19.10, consider avoiding the use of the parse raster data functionality until a patch is available. As a temporary workaround, restrict the processing of malformed files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.