CVE-2021-21947

Name of the Vulnerable Software and Affected Versions Accusoft ImageGear version 19.10

Description Two heap-based buffer overflow issues exist in the JPEG-JFIF lossless Huffman image parser functionality. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these issues. The heap-based buffer overflow occurs when the SOF3 precision is greater than or equal to 9.

Recommendations For Accusoft ImageGear version 19.10, consider avoiding the use of the JPEG-JFIF lossless Huffman image parser functionality until a patch is available. As a temporary workaround, restrict the processing of files with SOF3 precision greater than or equal to 9 to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.