A Cisco Talos researcher Emmanuel Tacheau discovered multiple vulnerabilities in Accusoft ImageGear.
The ImageGear library is a powerful tool that enables users to create, annotate, edit, and convert various images. It works seamlessly with over 100 file formats such as PDF, DICOM, and Microsoft Office.
These vulnerabilities Emmanuel Tacheau discovered could allow an attacker to execute arbitrary code and corrupt a machine’s memory.
The first set of flaws are out-of-bounds write vulnerabilities, and are tracked as TALOS-2021-1257 (CVE-2021-21793), TALOS-2021-1261 (CVE-2021-21794), and TALOS-2021-1289 (CVE-2021-21824). These are the out-of-bounds exploits that can cause a serious security issue with a wide variety of functions of the platform.
To exploit the bugs, an attacker could trick a user into opening a malicious file and then perform an attack.
Another set of bugs contains buffer overflow vulnerabilities – TALOS-2021-1264 (CVE-2021-21795), TALOS-2021-1276 (CVE-2021-21808), TALOS-2021-1286 (CVE-2021-21821), and TALOS-2021-1275 (CVE-2021-21807). These issues could be triggered with a malicious file to cause memory corruption on a vulnerable system.
Also, Talos described a vulnerability tracked as TALOS-2021-1296 that could cause an array index validation error. This issue could lead to an out-of-bounds write and RCE.
In adherence to Cisco’s vulnerability disclosure policy, Cisco Talos worked with Accusoft to resolve the issues and provide an update for the affected customers prior public disclosure.
Users are asked to update Accusoft ImageGear, versions 19.8 and 19.9, as soon as possible.
The following SNORT rules can be used to detect exploitation attempts of the vulnerability: 54411 – 54414, 57249 – 57252, 57270 – 57273, 57301, 57302, 57378, 57379
