Francesco Benvenuto and Emmanuel Tacheau of Cisco Talos and another team member discovered these vulnerabilities.
Cisco Talos recently discovered multiple vulnerabilities in Accusoft ImageGear.
The ImageGear library is a document-imaging developer toolkit that allows users to create, edit, annotate and convert various images. It supports more than 100 file formats such as DICOM, PDF and Microsoft Office. These vulnerabilities Talos discovered could allow an attacker to cause a heap-based buffer overflow condition. All but one of these vulnerabilities — TALOS-2021-1374 — could lead to code execution on the targeted machine.
For more information on each of these issues, read their full advisories linked below:
- TALOS-2021-1362 (CVE-2021-21914)
- TALOS-2021-1367 (CVE-2021-21938)
- TALOS-2021-1368 (CVE-2021-21939)
- TALOS-2021-1371 (CVE-2021-21942)
- TALOS-2021-1373 (CVE-2021-21943)
- TALOS-2021-1374 (CVE-2021-21944 and CVE-2021-21945)
- TALOS-2021-1375 (CVE-2021-21946 and CVE-2021-21947)
There is also another vulnerability, TALOS-2021-1377 (CVE-2021-21949), that could also lead to code execution. However, in that scenario, the attacker needs to trigger a use-after-free condition.
Talos initially disclosed these vulnerabilities in February 2022 despite no known updates or patches from Accusoft, all in adherence to Cisco’s vulnerability disclosure policy. Accusoft fixed these issues and released an update on May 2, 2022.
Talos tested and confirmed Accusoft ImageGear, version 19.10, is affected by these vulnerabilities.
The following SNORTⓇ rules will detect exploitation attempts against this vulnerability: 44023 - 44026, 58046, 58047, 58073, 58074, 58100, 58101, 58153, 58154, 58220 - 58223, 58235 and 58236. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Cisco Secure Firewall Management Center or Snort.org.