Marcin Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.

Accusoft ImageGear contains two remote code execution vulnerabilities. ImageGear is a document and imaging library from Accusoft that developers can use to build their applications. The library contains the entire document imaging lifecycle. This vulnerability is present in the Accusoft ImageGear library,

which is a document-imaging developer toolkit.

In accordance with our coordinated disclosure policy, Cisco Talos worked with Accusoft to ensure that these issues are resolved and that an update is available for affected customers.

Vulnerability details Accusoft ImageGear TIFF TIF_decode_thunderscan code execution vulnerability (TALOS-2019-0875/CVE-2019-5083)

An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll TIF_decode_thunderscan function of Accusoft ImageGear 19.3.0 library. A specially crafted TIFF file can cause an out of bounds write, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.

Read the complete vulnerability advisory here for additional information.

Accusoft ImageGear PNG IHDR width code execution vulnerability (TALOS-2019-0865/CVE-2019-5076)

An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll PNG header-parser of the Accusoft ImageGear 19.3.0 library. A specially crafted PNG file can cause an out-of-bounds write, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.

Read the complete vulnerability advisory here for additional information.

Accusoft ImageGear GEM raster code execution vulnerability (TALOS-2019-0921/CVE-2019-5132)

An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll GEM Raster parser of the Accusoft ImageGear 19.3.0 library. A specially crafted GEM file can cause an out-of-bounds write, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.

Read the complete vulnerability advisory here for additional information.

Accusoft ImageGear BMP code execution vulnerability (TALOS-2019-0922/CVE-2019-5133)

An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll BMP parser of the ImageGear 19.3.0 library. A specially crafted BMP file can cause an out-of-bounds write, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.

Read the complete vulnerability advisory here for additional information.

Versions tested Talos tested and confirmed that Accusoft ImageGear, version 19.3.0, is affected by these vulnerabilities.

CoverageThe following SNORTⓇ rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Snort Rules: 3132, 32889, 50806, 50807, 51530, 51531, 52033, 52034