58 matches found
CVE-2020-6068
The CVE-2020-6068 issue affects Accusoft ImageGear 19.5.0, specifically the igcore19d.dll PNG pngread parser. The vulnerability is an out-of-bounds write in the PNG reading path that can be triggered by loading a crafted PNG file, potentially enabling remote code execution. Public documents (e.g....
CVE-2019-5187
An out-of-bounds write in ImageGear igcore19d.dll (TIF_read_stripdata) of version 19.5.0 enables remote code execution when processing certain TIFF strips. The vulnerability arises during stripe data handling: dstBuffer size is computed via two paths using imagewidth (ImageWidth tag) and bits-per...
CVE-2022-23400
CVE-2022-23400 describes a stack-based buffer overflow in Accusoft ImageGear 19.10, specifically IGXMPXMLParser::parseDelimiter when processing PSD inputs. The TALOS analysis shows a 256-byte destination buffer (buffer_ovw) that can overflow due to mis-calculated shifts when parsing XMP/PSD data,...
CVE-2019-5132
CVE-2019-5132 affects Accusoft ImageGear 19.3.0 (igcore19d.dll GEM Raster parser). A crafted GEM file can trigger an out-of-bounds write, resulting in remote code execution. Root cause: out-of-bounds write in the GEM Raster parser. Exploitation requires a malformed file; TALOS notes the vulnerabi...
CVE-2021-21938
A CVE-2021-21938 issue affects Accusoft ImageGear 19.10, specifically the Palette box parser. A heap-based buffer overflow arises from an off-by-one error in computing the number of bytes to allocate for the Palette box data, causing a too-small destination buffer and a subsequent overflow during...
CVE-2019-5133
CVE-2019-5133 : Accusoft ImageGear 19.3.0 exports an exploitable out-of-bounds write in the BMP parser (igcore19d.dll) via the IG_mpi_page_set routine. A specially crafted BMP file can drive a write beyond the allocated dstBuffer, leading to memory corruption and remote code execution. The vulner...
CVE-2022-29465
CVE-2022-29465 affects Accusoft ImageGear 20.0; the PSD Header processing memory allocation pathway is vulnerable to an out-of-bounds write. The root cause is a miscalculated allocation size in allocation_function_mem, where _size_buffer_alloc is derived from width and product_of_numchannel_bits_...
CVE-2022-22137
CVE-2022-22137 describes a memory-corruption vulnerability in the Accusoft ImageGear 19.10 library, caused by a boundary/size calculation error in ioca_mys_rgb_allocate. A crafted IOCA file can trigger a use-after-free via a malformed table_mys_rgb_ptr, potentially leading to arbitrary code execu...
CVE-2019-5076
CVE-2019-5076 is an out-of-bounds write vulnerability in Accusoft ImageGear 19.3.0, specifically in igcore19d.dll PNG header-parser (IHDR width handling). A malformed PNG IHDR Width value can cause an out-of-bounds write, enabling remote code execution. Talos details confirm the affected product/...
CVE-2021-21939
Summary of CVE-2021-21939 (Accusoft ImageGear XWD parser) : The heap-based buffer overflow exists in the XWD parser of ImageGear 19.10. A specially crafted XWD file can trigger the overflow during bitmap row processing due to a missing size check in raster size computation and a mismatch between ...
CVE-2023-32284
Summary: CVE-2023-32284 is an out-of-bounds write in the Accusoft ImageGear 20.1 library, specifically in the tiff_planar_adobe functionality. The flaw arises from a missing bounds check in a loop that copies raster data when bits_per_channel == 8. The loop uses max_loop, derived from image width...
CVE-2019-5083
CVE-2019-5083 affects Accusoft ImageGear 19.3.0: the igcore19d.dll TIF_decode_thunderscan function contains an out-of-bounds write that enables remote code execution when processing a crafted TIFF file. The TALOS advisory confirms the vulnerability in ImageGear 19.3.0 and notes a public mitigatio...
CVE-2021-21942
The CVE-2021-21942 entry concerns Accusoft ImageGear 19.10 and the TIFF YCbCr image parser. The root cause is a missing size check in the TIFF_YCbCr_to_RGB conversion when handling YCbCrSubsampling, combined with how buffers are allocated for dst_ptr across YC bCr horizontal subsampling. This can...
CVE-2021-21947
CVE-2021-21947 affects Accusoft ImageGear 19.10. The JPEG-JFIF lossless Huffman parser has two heap-based buffer overflow vulnerabilities triggered by loading JPEG data; the overflow occurs in the lossless path when SOF3 precision is >= 9 (and also discussed for precision
CVE-2021-21949
The CVE-2021-21949 entry maps to a concrete vulnerability in Accusoft ImageGear 19.10: an improper array index validation in the JPEG-JFIF Scan header parser can cause an out-of-bounds write, leading to potential code execution. The root cause is a mismatch in how SOS data references AC/DC Huffma...
CVE-2020-6066
CVE-2020-6066 affects Accusoft ImageGear 19.5.0, specifically igcore19d.dll JPEG SOFx parser. A malformed JPEG can trigger an out-of-bounds write in the SOFx code path, enabling remote code execution. Talos reports 19.5.0 as affected and notes an official update to 19.6 is available to resolve th...
CVE-2021-21946
CVE-2021-21946 affects Accusoft ImageGear 19.10’s JPEG-JFIF lossless Huffman image parser. The vulnerability arises in process_jpeg_lossless (and buffer allocation in allocate_buffer_for_jpeg_decoding) where per-component buffers are sized via a formula (standardized_width = (X_image * subsamplin...
CVE-2020-6082
Summary: CVE-2020-6082 is a documented out-of-bounds write in the ICO reader of the Accusoft ImageGear 19.6.0 library (igcore19d.dll), caused by an improper size calculation in ico_read. An attacker can trigger a remote code execution by feeding a malformed ICO file. Public details include the vu...
CVE-2021-21824
CVE-2021-21824 affects Accusoft ImageGear 19.9 and involves an out-of-bounds write in the JPG Handle_JPEG420 function, leading to memory corruption when processing malformed JPEG files. The TALOS report details a buffer/stride issue in handle_JPEG420 that can crash or potentially be exploited via...
CVE-2022-32588
Summary of CVE-2022-32588 (Accusoft ImageGear 20.0) The vulnerability exists in the PICT parsing path, specifically in the pctwread_14841 function chain. It stems from a missing minimum-size check when processing a malformed PICT file, causing an out-of-bounds heap write and memory corruption. Te...
CVE-2020-6064
CVE-2020-6064 affects Accusoft ImageGear 19.5.0 (igcore19d.dll). Talos and Red Hat disclosures describe an exploitable out-of-bounds write in uncompress_scan_line used to decompress PCX data, triggered by a malformed PCX file. The issue stems from insufficient sanity checks and buffer sizing: com...
CVE-2021-21914
Accusoft ImageGear 19.10 contains a heap-based buffer overflow in DecoderStream::Append. The root cause is an integer overflow in allocation size (malloc_mem_wrap) that can allocate a too-small/overrunable heap buffer, leading to overflows in read_data_from_file and the function pointer fetch, en...
CVE-2021-40398
CVE-2021-40398 affects Accusoft ImageGear 19.10 and is caused by an out-of-bounds write in parse_raster_data, specifically in the write_into_dest_buffer path. The vulnerability arises from flawed bound checks when calculating memcpy size (memcpy_size) against the destination buffer, where dest_bu...
CVE-2020-13585
CVE-2020-13585 affects Accusoft ImageGear 19.8 PSD header processing. The vulnerability arises from a buffer allocation bug in psd_header_processing: alloc_size is derived from image width and bit depth, and _oobw_buffer is allocated via AF_memm_alloc using size from file data; AF_memm_alloc wrap...
CVE-2020-6076
CVE-2020-6076 affects Accusoft ImageGear 19.5.0 (igcore19d.dll ICO icoread parser). A crafted ICO file can trigger an out-of-bounds write in the ICO parser, enabling remote code execution. The Intel/Root cause is an out-of-bounds write in memcpy handling within igcore19d.dll, with memory corrupti...
CVE-2023-28393
CVE-2023-28393 affects Accusoft ImageGear 20.1, specifically the tif_processing_dng_channel_count function. Talos details show a stack-based buffer overflow caused by a missing bounds check when processing TIFF data; the code writes a fixed value (0x10) into a two-element stack array based on max...
CVE-2023-39453
The CVE-2023-39453 entry details a use-after-free in Accusoft ImageGear 20.1’s tif_parse_sub_IFD handling, where recursion frees the same IFD buffer multiple times, leading to an access violation and arbitrary code execution in the affected path. The Talos report confirms a real vulnerability wit...
CVE-2020-13572
CVE-2020-13572 describes a heap overflow in the GIF LZW decoder used by Accusoft ImageGear 19.8. The vulnerability occurs while decoding LZW streams in the GIF parser, where a destination index can overflow the allocated heap buffer, potentially allowing arbitrary code execution when processing s...
CVE-2007-2209
A concrete vulnerability described across multiple sources: Buffer overflow in igcore15d.dll versions 15.1.2.0 and 15.2.0.0 used by AccuSoft ImageGear, including Corel Paint Shop Pro Photo 11.20, may allow user-assisted remote code execution via a crafted .CLP file. The underlying issue is a buff...
CVE-2020-13561
CVE-2020-13561 is an out-of-bounds write vulnerability in the TIFF parser of Accusoft ImageGear 19.8. The TALOS analysis describes a flaw in the image processing pipeline (sigread buffer handling) that can be triggered by a malformed TIFF file, leading to memory corruption and potential code exec...
CVE-2021-21943
Accusoft ImageGear 19.10 is affected via a heap-based buffer overflow in the XWD parser (xwdread_pixmapformat_0_or_1). A malformed XWD file can cause a write past a dst_buff allocated using a size derived from PixmapWidth, without validating against BytesPerLine, enabling potential code execution...
CVE-2020-13571
CVE-2020-13571 affects Accusoft ImageGear 19.8, specifically the SGI RLE decompression path. The Talos analysis details an out-of-bounds write in sgiread (sgiread.c) caused by a missing input-size check in the RLE decoding flow, leading to a memory overwrite during a ReadFile/IO_read sequence. Ke...
CVE-2020-6067
CVE-2020-6067 affects Accusoft ImageGear 19.5.0 (igcore19d.dll) TIFF tifread parser. A crafted TIFF file can trigger an out-of-bounds write, enabling remote code execution. Affected product/version: ImageGear 19.5.0. Root cause: out-of-bounds write in tifread handling. Public disclosures include ...
CVE-2020-6094
The vulnerability CVE-2020-6094 affects Accusoft ImageGear 19.4–19.6 (igcore19d.dll). A TIFF file can cause an out-of-bounds write in fill_in_raster due to an integer overflow in compute_size_from_bibitWidth_operations, which computes heap_buffer size from SamplesPerPixel and biWidth. An attacker...
CVE-2020-6069
CVE-2020-6069 affects Accusoft ImageGear 19.5.0 (igcore19d.dll) JPEG jpegread precision parser. A crafted JPEG file can trigger an out-of-bounds write, enabling remote code execution. The TALOS advisory confirms a code-execution path in the igcore19d.dll with a 19.5.0 target and notes a fix/updat...
CVE-2021-21784
CVE-2021-21784 affects Accusoft ImageGear 19.8 and concerns an out-of-bounds write in JPG SOF marker processing. The issue stems from buffer size calculations during rasterization for multiple SOF markers: a miscalculation of width/precision can cause a do-while loop to write beyond the allocated...
CVE-2023-23567
Accusoft ImageGear 20.1 is affected by CVE-2023-23567 in the CreateDIBfromPict functionality. Talos reports a heap-based buffer overflow caused by a mis-sized heap buffer when processing DirectBitsRect/PICt data, allowing potential arbitrary code execution via a specially crafted file. The vulner...
CVE-2023-32653
CVE-2023-32653 is an out-of-bounds write vulnerability in Accusoft ImageGear 20.1, specifically in the dcm_pixel_data_decode function. A specially crafted malformed file can trigger an arbitrary code execution when opened by the victim. Talos reports the vulnerable version as ImageGear 20.1, and ...
CVE-2020-6065
An exploitable out-of-bounds write exists in Accusoft ImageGear igcore19d.dll v19.5.0, in bmp_parsing. The issue stems from calculating total_width as 4 * width without overflow protection, leading to an incorrect allocation and out-of-bounds writes while parsing BMP data, enabling remote code ex...
CVE-2021-21773
The CVE-2021-21773 entry concerns Accusoft ImageGear 19.8, where an out-of-bounds write vulnerability in the TIFF header count-processing functionality can lead to memory corruption when processing a specially crafted file. The issue is triggered by a malformed TIFF header processing path and is ...
CVE-2021-21833
An explicit vulnerability in Accusoft ImageGear 19.9 affects IP_planar_raster_unpack for TIF processing, enabling an out-of-bounds write via a malformed file. TALOS details show an improper array index validation in IP_planar_raster_unpack, with a crash/AV in igCore19d!IG_mpi_page_set when writin...
CVE-2021-21782
CVE-2021-21782 affects Accusoft ImageGear 19.8, specifically the SGI format buffer size processing. The root cause is an out-of-bounds memory write during SGI parsing, where the allocated size and subsequent memcpy size are taken from the SGI header, enabling memory corruption and potential code ...
CVE-2020-6075
CVE-2020-6075 concerns a out-of-bounds write in Accusoft ImageGear 19.5.0 (igcore19d.dll) triggered by a malformed PNG, enabling remote code execution. The vulnerability stems from store_data_buffer copying from src_buffer to dst_buffer with a loop controlled by size; an incorrect cast (signed/un...
CVE-2021-21807
CVE-2021-21807 affects Accusoft ImageGear 19.9 (DICOM parse_dicom_meta_info). A vulnerability in parse_dicom_meta_info’s _size handling causes a stack-based buffer overflow when processing a specially crafted DICOM file. The issue is triggered via perform_some_read_operations using a size value o...
CVE-2021-21821
CVE-2021-21821 is a stack-based buffer overflow in the PDF process_fontname function of Accusoft ImageGear 19.9. The TALOS report documents a vulnerable path in process_fontname where a 256-byte local buffer b_ovf can be overflowed by a long fontname read from a PDF, with the overflow triggered b...
CVE-2021-21794
CVE-2021-21794 affects Accusoft ImageGear 19.9. The flaw is an out-of-bounds write in the TIF bits_per_sample processing path, caused by an unsafe GetCopyBufferAllocatedWithPixpos-derived pointer, which can allow a crafted TIF file to trigger a memory overwrite via wrapper_memcpy. TALOS documents...
CVE-2021-21944
CVE-2021-21944 (and related CVE-2021-21945) describe heap-based buffer overflow issues in the TIFF parser of Accusoft ImageGear 19.10. TALOS details show the vulnerability resides in the TIFF parsing path (FUN_10074d50) when BitsPerSample is 0xC, with a writing pattern that can exceed dest_buff b...
CVE-2021-21776
CVE-2021-21776 describes an out-of-bounds write in Accusoft ImageGear 19.8 during SGI file parsing. The vulnerability stems from the SGI_Format_Buffer_Size_Processing path where a small destination buffer is allocated using SGI_XSIZE, but a subsequent memcpy uses a size controlled by the SGI file...
CVE-2021-21793
CVE-2021-21793 affects Accusoft ImageGear 19.8 and 19.9. The vulnerability is an out-of-bounds write in the JPG sof_nb_comp header processing path, caused by reading nr_comp_sos from the SOF object and allocating a color table buffer (_color_table_data) based on that value. If nr_comp_sos is deri...
CVE-2021-21795
The CVE-2021-21795 issue affects Accusoft ImageGear 19.9, specifically the PSD read_icc_icCurve_data function. A misparsed PSD tag counts value (curve_data->count) is read from the file; when count is large (e.g., 0x80000001), the code allocates buffer_for_curves_values using count <