Accusoft ImageGear ÐÞ¸´¶à¸öRCEÎó²îΣº¦Í¨¸æ

Ðû²¼Ê±¼ä 2019-12-05

Îó²î±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-5083£¬Î£ÏÕ¼¶±ð£ºÑÏÖØ£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º9.8£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-5076£¬Î£ÏÕ¼¶±ð£ºÑÏÖØ£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º9.8£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-5132£¬Î£ÏÕ¼¶±ð£ºÑÏÖØ£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º9.8£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-5133£¬Î£ÏÕ¼¶±ð£ºÑÏÖØ£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º9.8£¬¹Ù·½Î´ÆÀ¶¨


Ó°Ïì°æ±¾


Accusoft ImageGear 19.3.0°æ±¾


Îó²î¸ÅÊö


Accusoft ImageGearÊÇÃÀ¹úAccusoft¹«Ë¾µÄÒ»¿îÓÃÓÚͼÏñ´¦Öóͷ£µÄÈí¼þ¿ª·¢¹¤¾ß°ü£¨SDK£©¡£Ë¼¿ÆTalos·¢Ã÷AccusoftµÄÎĵµºÍͼƬ´¦Öóͷ£¿âImageGear±£´æ¶à¸öRCEÎó²î¡£¹¥»÷ÕßÖ»ÐèҪ˵·þʹÓÃÒ×Êܹ¥»÷°æ±¾µÄÊܺ¦Õß·­¿ª¶ñÒâÎļþ¼´¿ÉʹÓÃÕâЩÎó²î¡£Îó²îÐÅÏ¢ÈçÏ£º


CVE-2019-5083£ºÔ½½çдÈëÎÊÌ⣬¿Éͨ¹ýÌØÊâ½á¹¹µÄ TIFF Îļþ´¥·¢Ô¶³ÌÖ´ÐдúÂ룬ӰÏì igcore19d.dll TIF_decode_thunderscanº¯Êý¡£


CVE-2019-5076£ºÓ°Ïì¸Ã¹¤¾ß°üµÄ igcore19d.dll PNG Í·²¿ÆÊÎöÆ÷¡£¹¥»÷Õß¿ÉʹÓöñÒâPNGÎļþÒý·¢½çÍâдÈë²¢Ô¶³ÌÖ´ÐдúÂë¡£


CVE-2019-5132£º±£´æÓÚ ImageGear µÄigcore19d.dll GEM Raster ÆÊÎöÆ÷ÖУ¬ÒªÇóÌØÊâ½á¹¹µÄ GEM ÎļþÔÚÊÜÓ°ÏìϵͳִÐдúÂë¡£


CVE-2019-5133£ºÓ°Ïì¸Ã¿âµÄ igcore19d.dll BMP ÆÊÎöÆ÷¡£¶¨ÖÆ»¯µÄ BMP Îļþ¿É´¥·¢½çÍâдÈ룬´Ó¶øÖ´ÐдúÂë¡£


Îó²îÑéÖ¤


ÔÝÎÞPOC/EXP¡£


ÐÞ¸´½¨Òé


ÏÖÔÚ³§ÉÌÒÑÐû²¼Éý¼¶²¹¶¡ÒÔÐÞ¸´Îó²î£¬ÏêÇéÇë¹Ø×¢³§ÉÌÖ÷Ò³£ºhttps://www.accusoft.com¡£


²Î¿¼Á´½Ó


https://blog.talosintelligence.com/2019/12/vulnerability-spotlight-accusoft-PNG-dec-19.html