CVE-2021-21946

Name of the Vulnerable Software and Affected Versions Accusoft ImageGear version 19.10

Description Two heap-based buffer overflow issues exist in the JPEG-JFIF lossless Huffman image parser functionality. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these issues. The heap-based buffer overflow occurs when the SOF3 precision is lower than 9.

Recommendations For Accusoft ImageGear version 19.10, consider avoiding the use of the JPEG-JFIF lossless Huffman image parser functionality until a patch is available. As a temporary workaround, restrict the processing of specially-crafted files that could trigger the heap buffer overflow. At the moment, there is no information about a newer version that contains a fix for this issue.