Accusoft ImageGear reported that they had discovered seven vulnerabilities in version 19.5.0 of its ImageGear library. The flaws allow remote attackers to execute code on a victim’s machine, according to a report published by security researchers at Cisco Talos. ImageGear is a document imaging developer toolkit, designed to create, convert, and edit images.
All of the vulnerabilities are remotely exploitable via specially crafted files and all seven were given a CVSS score of 9.8, meaning they are all considered critical severity. The flaws were first tracked as CVE-2019-5187 and found in the TIF_read_stripdata function of ImageGear’s library function.
Read More: Flaws in Accusoft ImageGear Expose Users to Remote Attacks