关键信息 CVE Number: CVE-2020-13585 Summary: An out-of-bounds write vulnerability exists in the PSD Header processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions: Accusoft ImageGear 19.8 Product URLs: https://www.accusoft.com/products/imagegear-collection/ CVSSv3 Score: 9.8 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CWE: CWE-131 - Incorrect Calculation of Buffer Size Details: There is a vulnerability in the function, due to a buffer overflow caused by a missing check of the allocation size. A specially crafted PSD file can lead to an out-of-bounds write which can result in a memory corruption. Crash Information: The crash is happening at [1]. We can see the write into the buffer is happening through a do-while loop controlled by the variable [2], taken directly from the file. Going backward we can see the , previously assigned from [3], is allocated through a call to [4] with a size of [5]. The size of the buffer is directly computed from a value issued from the file and the issue is happening when is null. We can see that is a wrapper for .