Tuesday, September 1, 2020

Vulnerability Spotlight: Code execution, memory corruption vulnerabilities in Accusoft ImageGear

 

Emmanuel Tacheau of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.

Cisco Talos recently discovered two vulnerabilities in Accusoft ImageGear. The ImageGear library is a document-imaging developer toolkit to assist users with image conversion, 
creation, editing and more. There are vulnerabilities in certain functions of ImageGear that could allow an attacker to execute code on the victim machine or corrupt the memory of the application.

In accordance with our coordinated disclosure policy, Cisco Talos worked with Accusoft to ensure that these issues are resolved and that an update is available for affected customers.

Vulnerability details

Accusoft ImageGear TIFF handle_COMPRESSION_PACKBITS memory corruption vulnerability (TALOS-2020-1095/CVE-2020-6151)

A memory corruption vulnerability exists in the TIFF handle_COMPRESSION_PACKBITS functionality of Accusoft ImageGear 19.7. A specially crafted malformed file can cause memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

Accusoft ImageGear DICOM parse_dicom_meta_info code execution vulnerability (TALOS-2020-1096/CVE-2020-6152)

A code execution vulnerability exists in the DICOM parse_dicom_meta_info functionality of Accusoft ImageGear 19.7. A specially crafted malformed file can cause an out-of-bounds write. An attacker can trigger this vulnerability by providing a victim with a malicious DICOM file.

Read the complete vulnerability advisory here for additional information.

Versions tested

Talos tested and confirmed that these vulnerabilities affect Accusoft ImageGear, version 9.7.

Coverage

The following SNORTⓇ rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Snort Rules: 54411 - 54413, 54390

No comments:

Post a Comment