SB2021060207 - Multiple vulnerabilities in Accusoft ImageGear
Published: June 2, 2021
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 8 secuirty vulnerabilities.
1) Stack-based buffer overflow (CVE-ID: CVE-2021-21821)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the PDF process_fontname functionality. A remote unauthenticated attacker can use a specially crafted file, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
2) Heap-based buffer overflow (CVE-ID: CVE-2021-21795)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the PSD read_icc_icCurve_data functionality. A remote attacker can use a specially crafted file, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
3) Buffer overflow (CVE-ID: CVE-2021-21793)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the JPG sof_nb_comp header processing functionality. A remote attacker can use a specially crafted file, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
4) Buffer overflow (CVE-ID: CVE-2021-21794)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the TIF bits_per_sample processing functionality. A remote attacker can use a specially crafted file, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
5) Buffer overflow (CVE-ID: CVE-2021-21808)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the PNG png_palette_process functionality. A remote attacker can use a specially crafted file, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
6) Integer overflow (CVE-ID: CVE-2021-21807)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in the DICOM parse_dicom_meta_info functionality. A remote attacker can use a specially crafted file, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
7) Buffer overflow (CVE-ID: CVE-2021-21824)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the JPG Handle_JPEG420 functionality. A remote attacker can use a specially crafted file, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
8) Buffer overflow (CVE-ID: CVE-2021-21833)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the TIF IP_planar_raster_unpack functionality. A remote attacker can use a specially crafted file, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install update from vendor's website.
References
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1286
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1264
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1257
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1261
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1276
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1275
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1289
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1296