A vulnerability has been found in AccuSoft ImageGear 19.5.0 and classified as critical. This vulnerability affects the function uncompress_scan_line in the library igcore19d.dll of the component PCX File Handler. The manipulation with an unknown input leads to a out-of-bounds write vulnerability. The CWE definition for the vulnerability is CWE-787. The product writes data past the end, or before the beginning, of the intended buffer. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:

An exploitable out-of-bounds write vulnerability exists in the uncompress_scan_line function of the igcore19d.dll library of Accusoft ImageGear, version 19.5.0. A specially crafted PCX file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.

The weakness was shared 02/11/2020. This vulnerability was named CVE-2020-6064 since 01/07/2020. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. Technical details are known, but there is no available exploit. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment (estimation calculated on 02/12/2020).

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The entries 150038, 150037, 150036 and 150035 are related to this item.

Productinfo

Vendor

• AccuSoft

Name

• ImageGear

Version

• 19.5.0

License

• commercial

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion