First published: Thu Apr 14 2022
Two heap-based buffer overflow vulnerabilities exist in the JPEG-JFIF lossless Huffman image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities. This heap-based buffer overflow takes place when the `SOF3` precision is lower than 9.
Credit: talos-cna@cisco.com
Affected Software | Affected Version | How to fix
---|---|---
Accusoft ImageGear | =19.10 |
CVE-2021-21946 is a vulnerability that exists in the JPEG-JFIF lossless Huffman image parser functionality of Accusoft ImageGear 19.10, allowing a specially-crafted file to trigger a heap buffer overflow.
CVE-2021-21946 has a severity rating of critical with a CVSS score of 8.8.
Accusoft ImageGear is a software library used for image processing and conversion.
CVE-2021-21946 affects the JPEG-JFIF lossless Huffman image parser functionality of Accusoft ImageGear 19.10, allowing a specially-crafted file to trigger a heap buffer overflow.
It is recommended to update to a patched version of Accusoft ImageGear to fix CVE-2021-21946.