CVE-2021-21945
CVE-2021-21945 is a high-severity vulnerability in Accusoft Imagegear with a CVSS 3.x base score of 8.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-122.
Key facts
- Severity: High (CVSS 3.x base score 8.8)
- CVSS v2: 6.8
- EPSS exploit prediction: 1% (61st percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-122
- Affected product: Accusoft Imagegear
- Published:
- Last modified:
Description
Two heap-based buffer overflow vulnerabilities exist in the TIFF parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities.This heap-based buffer oveflow takes place trying to copy the second 12 bits from local variable.
Frequently asked questions
- What is CVE-2021-21945?
- Two heap-based buffer overflow vulnerabilities exist in the TIFF parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities.This heap-based buffer oveflow takes place trying to copy the second 12 bits from local variable.
- How severe is CVE-2021-21945?
- CVE-2021-21945 has a CVSS 3.x base score of 8.8, rated high severity. It is exploitable over network with low attack complexity, requires no privileges and user interaction. Impact on confidentiality is high, integrity high, and availability high.
- Is CVE-2021-21945 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (61st percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2021-21945?
- CVE-2021-21945 affects Accusoft Imagegear. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2021-21945?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2021-21945 published?
- CVE-2021-21945 was published on 2022-04-14 and last updated on 2026-06-17.
References
Affected products (1)
- cpe:2.3:a:accusoft:imagegear:19.10:*:*:*:*:*:*:*
More vulnerabilities in Accusoft Imagegear
- CVE-2023-40163 — Critical (CVSS 9.8): An out-of-bounds write vulnerability exists in the allocate_buffer_for_jpeg_decoding functionality of Accusoft…
- CVE-2023-39453 — Critical (CVSS 9.8): A use-after-free vulnerability exists in the tif_parse_sub_IFD functionality of Accusoft ImageGear 20.1. A specially…
- CVE-2023-35002 — Critical (CVSS 9.8): A heap-based buffer overflow vulnerability exists in the pictwread functionality of Accusoft ImageGear 20.1. A…
- CVE-2023-32653 — Critical (CVSS 9.8): An out-of-bounds write vulnerability exists in the dcm_pixel_data_decode functionality of Accusoft ImageGear 20.1. A…
- CVE-2022-29465 — Critical (CVSS 9.8): An out-of-bounds write vulnerability exists in the PSD Header processing memory allocation functionality of Accusoft…
- CVE-2021-21938 — Critical (CVSS 9.8): A heap-based buffer overflow vulnerability exists in the Palette box parser functionality of Accusoft ImageGear 19.10.…
All CVEs affecting Accusoft Imagegear →
Other CWE-122 (Heap-based Buffer Overflow) vulnerabilities
- CVE-2026-46752 — Critical (CVSS 10.0): Redis Lua HEAP overflow in cjson library vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from…
- CVE-2026-24822 — Critical (CVSS 10.0): Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in ttttupup wxhelper (src modules). This vulnerability is…
- CVE-2025-23123 — Critical (CVSS 10.0): A malicious actor with access to the management network could execute a remote code execution (RCE) by exploiting a…
- CVE-2022-34819 — Critical (CVSS 10.0): A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions <…
- CVE-2026-44050 — Critical (CVSS 9.9): A heap-based buffer overflow in the CNID daemon comm_rcv() function in Netatalk 2.0.0 through 4.4.2 allows a remote…
- CVE-2026-49841 — Critical (CVSS 9.8): FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to…
Browse all CWE-122 (Heap-based Buffer Overflow) vulnerabilities →