Tuesday, June 1, 2021

Vulnerability Spotlight: Multiple vulnerabilities in Accusoft ImageGear



Emmanuel Tacheau of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. 

Cisco Talos recently discovered multiple vulnerabilities in Accusoft ImageGear.

The ImageGear library is a document-imaging developer toolkit that allows users to create, edit, annotate and convert various images. It supports more than 100 file formats such as DICOM, PDF, Microsoft Office. These vulnerabilities Talos discovered could allow an attacker to carry out various malicious actions, including corrupting memory on the victim machine and executing remote code.

TALOS-2021-1257 (CVE-2021-21793), TALOS-2021-1261 (CVE-2021-21794) and TALOS-2021-1289 (CVE-2021-21824) are all out-of-bounds write vulnerabilities that exist in various functions of the software. An attacker could trigger these vulnerabilities by tricking a user into opening a specially crafted, malicious file.

TALOS-2021-1264 (CVE-2021-21795), TALOS-2021-1276 (CVE-2021-21808), TALOS-2021-1286 (CVE-2021-21821) and TALOS-2021-1275 (CVE-2021-21807) are buffer overflow vulnerabilities that could also be triggered with a malicious file. These vulnerabilities could all lead to memory corruption if exploited.

Talos also discovered TALOS-2021-1296 (CVE-2021-21833), a vulnerability that could cause an improper array index validation. This could lead to an out-of-bounds write, and eventually, remote code execution.

Cisco Talos worked with Accusoft to ensure that these issues are resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy

Users are encouraged to update these affected products as soon as possible: Accusoft ImageGear, versions 19.8 and 19.9. Talos tested and confirmed these versions of ImageGear could be exploited by these vulnerabilities. 

The following SNORTⓇ rules will detect exploitation attempts against this vulnerability: 54411 - 54414, 57249, 57250, 57301, 57302, 57378, 57379, 57509 and 57510.

Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org. 

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.