CVE-2021-21938

Опубликовано: 14 апр. 2022

Источник: nvd

CVSS3: 9.8

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

A heap-based buffer overflow vulnerability exists in the Palette box parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

Ссылки

http://help.accusoft.com/ImageGear/v20.0/Windows/DLL/webframe.html
Product
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1367
Exploit
Third Party Advisory
http://help.accusoft.com/ImageGear/v20.0/Windows/DLL/webframe.html
Product
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1367
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:accusoft:imagegear:19.10:*:*:*:*:*:*:*

EPSS

Процентиль: 73%

0.00791

Низкий

9.8 Critical

CVSS3

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-193

Связанные уязвимости

GHSA-453x-fr3c-fmj5

CVSS3: 8.8

github

почти 4 года назад

EPSS

Процентиль: 73%

0.00791

Низкий

9.8 Critical

CVSS3

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-193