CVE-2020-6068
First published: Fri Feb 14 2020(Updated: )
An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll PNG pngread parser of the Accusoft ImageGear 19.5.0 library. A specially crafted PNG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| AccuSoft ImageGear | =19.5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID of this vulnerability is CVE-2020-6068.
What is the severity of CVE-2020-6068?
CVE-2020-6068 has a severity of critical with a CVSS score of 8.8.
What software is affected by CVE-2020-6068?
AccuSoft ImageGear version 19.5.0 is affected by CVE-2020-6068.
How does CVE-2020-6068 exploit the system?
CVE-2020-6068 can be exploited by providing a specially crafted PNG file, which triggers an out-of-bounds write and allows remote code execution.
Is there a fix for CVE-2020-6068?
AccuSoft ImageGear users should update to a patched version or apply the necessary security patches provided by the vendor to fix CVE-2020-6068.
- collector/nvd-index
- agent/references
- agent/severity
- agent/type
- agent/weakness
- agent/author
- agent/description
- agent/tags
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/accusoft
- canonical/accusoft imagegear
- version/accusoft imagegear/19.5.0