EUVD-2021-9120

Malicious code in bioql PyPI...

Input validation

An improper array index validation vulnerability exists in the JPEG-JFIF Scan header parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to an out-of-bounds write and potential code exectuion. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2021-21949

The CVE-2021-21949 entry maps to a concrete vulnerability in Accusoft ImageGear 19.10: an improper array index validation in the JPEG-JFIF Scan header parser can cause an out-of-bounds write, leading to potential code execution. The root cause is a mismatch in how SOS data references AC/DC Huffma...

Accusoft ImageGear JPEG-JFIF Scan header parser out-of-bounds write vulnerability

Summary An improper array index validation vulnerability exists in the JPEG-JFIF Scan header parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to an out-of-bounds write and potential code exectuion. An attacker can provide a malicious file to trigger this...

Php-Jpeg-Injector - Injects Php Payloads Into Jpeg Images

Injects php payloads into jpeg images. Related to this post. Use Case You have a web application that runs a jpeg image through PHP's GD graphics library. Description This script injects PHP code into a specified jpeg image. The web application will execute the payload if it interprets the image...