CVE-2021-21945

Name of the Vulnerable Software and Affected Versions Accusoft ImageGear version 19.10

Description Two heap-based buffer overflow vulnerabilities exist in the TIFF parser functionality. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities. The heap-based buffer overflow occurs when trying to copy the second 12 bits from a local variable.

Recommendations For Accusoft ImageGear version 19.10, consider avoiding the use of the TIFF parser functionality until a patch is available. As a temporary workaround, restrict the ability to upload or process specially-crafted files that could trigger the heap buffer overflow. At the moment, there is no information about a newer version that contains a fix for this vulnerability.