Security Experts:

Connect with us

Hi, what are you looking for?



Flaws in Accusoft ImageGear Expose Users to Remote Attacks

Critical vulnerabilities addressed in the Accusoft ImageGear library could be exploited by remote attackers to execute code on a victim machine, Cisco Talos’ security researchers report.

Critical vulnerabilities addressed in the Accusoft ImageGear library could be exploited by remote attackers to execute code on a victim machine, Cisco Talos’ security researchers report.

A document-imaging developer toolkit, ImageGear was designed to provide users with the ability to convert, create, and edit images, among others. Vulnerable functions present in the library, however, expose users’ machines to code execution.

Cisco Talos’ researchers have discovered a total of seven vulnerabilities in version 19.5.0 of the Accusoft ImageGear library, all of which are described as out-of-bounds write issues.

All seven of these vulnerabilities were identified in the igcore19d.dll library of Accusoft ImageGear, and all are remotely exploitable via specially crafted files.

With a CVSS score of 9.8, all of these vulnerabilities are considered critical severity.

Tracked as CVE-2019-5187, the first of the flaws was found in the TIF_read_stripdata function of ImageGear’s igcore19d.dll library and it can be triggered via a specially crafted TIFF file.

Two other bugs were found in the uncompress_scan_line function of the library. The vulnerabilities, which are tracked as CVE-2020-6063 and CVE-2020-6064, can be abused via specially crafted PCX files.

The vulnerability in the bmp_parsing function of the DLL is tracked as CVE-2020-6065 and can be triggered using a specially crafted BMP file.

Another flaw is tracked as CVE-2020-6067 and was found in the igcore19d.dll TIFF tifread parser. It can be triggered using a specially crafted TIFF file.

The remaining two bugs, CVE-2020-6066 and CVE-2020-6069, impact the igcore19d.dll JPEG SOFx and iJPEG jpegread precision parsers of ImageGear. Both can be triggered via specially crafted JPEG files.

An attacker looking to exploit these vulnerabilities needs to trick the targeted user into opening a malicious file with an affected version of the software.

The vendor was informed of the discovered bugs in late January and has already released a patched version of ImageGear.

Related: Code Execution Vulnerabilities Patched in Accusoft ImageGear

Related: Multiple Vulnerabilities Found in AMD ATI Radeon Graphics Cards

Related: Remote Code Execution Flaw Impacts E2fsprogs Filesystem Utility

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.


GoAnywhere MFT users warned about a zero-day remote code injection exploit that can be targeted directly from the internet