PT-2022-15977 · Accusoft · Accusoft Imagegear
Published: 2022-05-03 · Updated: 2022-05-10 · CVE-2022-23400
CVSS v3.1: 7.1 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Accusoft ImageGear version 19.10
Description
A stack-based buffer overflow vulnerability exists in the IGXMPXMLParser::parseDelimiter functionality. A specially-crafted PSD file can overflow a stack buffer, potentially leading to denial of service or an information leak, depending on the application. An attacker can trigger this issue by providing a malicious file.
Recommendations
For Accusoft ImageGear version 19.10, consider disabling the IGXMPXMLParser::parseDelimiter functionality until a patch is available to prevent potential exploitation. Additionally, restrict the handling of PSD files from untrusted sources to minimize the risk of triggering this vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Memory Corruption
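One way to apply the recommendation to restrict PSD files from untrusted sources is a pre-filter that runs before a file is handed to ImageGear. The sketch below is an added example, not Accusoft code or part of the original advisory. It assumes the XMP packet sits in PSD image resource ID 0x0424, the standard location in the PSD format (the advisory does not say which part of the file reaches the parser); the function names, the `trusted_source` flag and the sample bytes are constructed for illustration.

```python
import struct

XMP_RESOURCE_ID = 0x0424  # PSD image resource 1060 (XMP metadata); assumed carrier
class MalformedPSD(ValueError): pass  # structure does not parse; gate fails closed

def _u32(buf, off, limit):
    if off + 4 > limit:
        raise MalformedPSD("truncated length field")
    return struct.unpack_from(">I", buf, off)[0]

def xmp_block_sizes(data):
    """Return None for non-PSD input, else the sizes of XMP resource blocks."""
    if data[:4] != b"8BPS":
        return None
    off = 30 + _u32(data, 26, len(data))          # 26-byte header + color mode data
    end = off + 4 + _u32(data, off, len(data))    # end of image resources section
    off += 4
    if end > len(data):
        raise MalformedPSD("resource section exceeds file")
    sizes = []
    while off < end:
        if off + 7 > end or data[off:off + 4] != b"8BIM":
            raise MalformedPSD("bad resource block")  # strict: other signatures rejected
        rid = struct.unpack_from(">H", data, off + 4)[0]
        off += 6 + ((data[off + 6] + 2) & ~1)     # Pascal name, padded to even length
        size = _u32(data, off, end)
        off += 4
        if off + size > end:
            raise MalformedPSD("resource data exceeds section")
        if rid == XMP_RESOURCE_ID:
            sizes.append(size)
        off += size + (size & 1)                  # data padded to even length
    return sizes

def triage(data, trusted_source):
    try:
        sizes = xmp_block_sizes(data)
    except MalformedPSD:
        return "reject"                           # unparseable PSD never reaches the library
    if sizes is None:
        return "not-psd"                          # outside this gate's scope
    return "reject" if sizes and not trusted_source else "allow"

def build_sample(xmp=None):  # constructed minimal PSD prefix, not a real image
    res = b""
    if xmp is not None:
        res = b"8BIM" + struct.pack(">HHI", XMP_RESOURCE_ID, 0, len(xmp)) + xmp + b"\0" * (len(xmp) & 1)
    header = b"8BPS" + struct.pack(">H6xHIIHH", 1, 3, 1, 1, 8, 3)
    return header + struct.pack(">II", 0, len(res)) + res
```

The gate inspects only container structure and never interprets the XMP payload itself, so it does not replace the vendor fix once one is available.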
Related Identifiers
Affected Products
Accusoft Imagegear