Vulnerability Spotlight: Accusoft ImageGear library code execution vulnerabilities

By Jonathan Munshaw

Monday, February 10, 2020 10:27

Vulnerability Spotlight

Emmanuel Tacheau of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.

Cisco Talos recently discovered three code execution vulnerabilities in Accusoft ImageGear. The ImageGear library is a document-imaging developer toolkit to assist users with image conversion,

creation, editing and more. There are vulnerabilities in certain functions of ImageGear that could allow an attacker to execute code on the victim machine.

In accordance with our coordinated disclosure policy, Cisco Talos worked with Accusoft to ensure that these issues are resolved and that an update (link will generate a download) is available for affected customers.

Vulnerability details Accusoft ImageGear TIFF TIF_read_stripdata code execution vulnerability (TALOS-2019-0972/CVE-2019-5187)

An exploitable out-of-bounds write vulnerability exists in the TIF_read_stripdata function of the igcore19d.dll library of Accusoft ImageGear 19.5.0. A specially crafted TIFF file can cause an out-of-bounds write, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.

Read the complete vulnerability advisory here for additional information.

Accusoft ImageGear PCX uncompress_scan_line buffer size computation code execution vulnerability (TALOS-2020-0986/CVE-2020-6063)

An exploitable out-of-bounds write vulnerability exists in the `uncompress_scan_line` function of the igcore19d.dll library of Accusoft ImageGear, version 19.5.0. A specially crafted PCX file can cause an out-of-bounds write, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.

Read the complete vulnerability advisory here for additional information.

Accusoft ImageGear PCX uncompress_scan_line buffer copy operation code execution vulnerability (TALOS-2020-0987/CVE-2020-6064)

An exploitable out-of-bounds write vulnerability exists in the `uncompress_scan_line` function of the igcore19d.dll library of Accusoft ImageGear, version 19.5.0. A specially crafted PCX file can cause an out-of-bounds write, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.

Read the complete vulnerability advisory here for additional information.

Accusoft ImageGear BMP bmp_parsing buffer size computation code execution vulnerability (TALOS-2020-0989/CVE-2020-6065)

An exploitable out-of-bounds write vulnerability exists in the bmp_parsing function of the igcore19d.dll library of Accusoft ImageGear, version 19.5.0. A specially crafted BMP file can cause an out-of-bounds write, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.

Read the complete vulnerability advisory here for additional information.

Accusoft ImageGear JPEG SOFx code execution vulnerability (TALOS-2020-0990/CVE-2020-6066)
An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll JPEG SOFx parser of the Accusoft ImageGear 19.5.0 library. A specially crafted JPEG file can cause an out-of-bounds write, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.

Read the complete vulnerability advisory here for additional information.

Accusoft ImageGear TIFF tifread code execution vulnerability (TALOS-2020-0991/CVE-2020-6067)
An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll TIFF tifread parser of the Accusoft ImageGear 19.5.0 library. A specially crafted TIFF file can cause an out-of-bounds write, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.

Read the complete vulnerability advisory here for additional information.

Accusoft ImageGear JPEG jpegread precision code execution vulnerability (TALOS-2020-0993/CVE-2020-6069)
An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll JPEG jpegread precision parser of the Accusoft ImageGear 19.5.0 library. A specially crafted JPEG file can cause an out-of-bounds write, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.

Read the complete vulnerability advisory here for additional information.

Versions tested Talos tested and confirmed that version 19.5.0 of Accusoft ImageGear is affected by these vulnerabilities.

Coverage The following SNORTⓇ rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Snort Rules: 52490 - 52493, 53015, 53016, 53032 - 53035