Improper Validation of Array Index

CVE-2021-21947

High

8.8/10

Summary

Two heap-based buffer overflow vulnerabilities exists in the JPEG-JFIF lossless Huffman image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities.This heap-based buffer overflow takes place when the `SOF3` precision is greater or equal than 9.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-129 - Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

References

Advisory Timeline

Published Apr 14, 2022

Improper Validation of Array Index

CVE-2021-21947

Summary

CWE-129 - Improper Validation of Array Index

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS