Eight vulnerabilities have recently been discovered in Accusofts ImageGear software by the Cisco Talos team. These vulnerabilities can cause issues such as memory corruption and remote code execution. The first three, TALOS-2021-1257 (CVE-2021-21793), TALOS-2021-1261 (CVE-2021-21794) and TALOS-2021-1289 (CVE-2021-21824) could all be triggered by an attacker getting the victim to open a malicious file. The second batch, TALOS-2021-1264 (CVE-2021-21795), TALOS-2021-1276 (CVE-2021-21808), TALOS-2021-1286 (CVE-2021-21821) and TALOS-2021-1275 (CVE-2021-21807) if executed correctly could lead to memory corruption. Lastly, Talos also found TALOS-2021-1296 (CVE-2021-21833) which could eventually lead to remote code execution.
Accusoft and Cisco have worked together to put out an update that will mitigate these issues. It is advised that any ImageGear version 19.8 and 19.9 users implement the update as soon as possible. A list of SNORT rules has also been released, those include, 54411 – 54414, 57249 – 57252, 57270 – 57273, 57301, 57302, 57378, 57379.