Incorrect Calculation of Buffer Size
CVE-2022-22137
Summary
A memory corruption vulnerability exists in the ioca_mys_rgb_allocate functionality of Accusoft ImageGear 19.10. A specially-crafted malformed file can lead to an arbitrary free. An attacker can provide a malicious file to trigger this vulnerability.
- LOW
- NETWORK
- NONE
- UNCHANGED
- REQUIRED
- NONE
- NONE
- HIGH
CWE-131 - Incorrect Calculation of Buffer Size
The software does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.
References
Advisory Timeline
- Published