Flaws in Accusoft ImageGear Expose Users to Remote Attacks
Accusoft ImageGear reported that it had discovered seven vulnerabilities in version 19.5.0 of its ImageGear library. The flaws allow remote attackers to execute code on a victim’s machine, according to a report published by security researchers at Cisco Talos. ImageGear is a document imaging developer toolkit designed to create, convert, and edit images.
All of the vulnerabilities are remotely exploitable via specially crafted files, and all seven were given a CVSS score of 9.8, meaning they are considered critical severity. The flaws were first tracked as CVE-2019-5187 and were found in the TIF_read_stripdata function of the ImageGear library.