PT-2022-9206 · Accusoft · Accusoft Imagegear

Francesco Benvenuto

Published

2022-04-14

Updated

2023-06-26

CVE-2021-21943

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Accusoft ImageGear version 19.10

Description A heap-based buffer overflow issue exists in the XWD parser functionality. This can be triggered by a specially-crafted file, potentially leading to code execution. An attacker can exploit this by providing a malicious file.

Recommendations For Accusoft ImageGear version 19.10, consider avoiding the use of the XWD parser functionality until a patch is available. As a temporary workaround, restrict the processing of untrusted files to minimize the risk of exploitation.

Exploit

Fix

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1284CWE-122

Related Identifiers

CVE-2021-21943

Affected Products

Accusoft Imagegear

PT-2022-9206 · Accusoft · Accusoft Imagegear

CVE-2021-21943

Weakness Enumeration

Related Identifiers

Affected Products

References · 3