IronOCR - Security CVE
Please see information below regarding IronOCR:
- All Iron Software products are DigiCert certified
- IronOCR does not use web services nor send data across the internet to perform OCR
- No COM or COM+ interfaces are exposed in the IronOcr.dll
- The library is written in C# which protects implicitly from many common attack vectors
- As few entry points as possible to the API are exposed
- Strong naming and sophisticated tamper protection
- Library is regularly scanned with multiple anti-virus/anti-malware scanners, using the highest security and heuristic search for potential threats
- Every line of code goes though at least two levels of human review by senior engineers to check for security vulnerabilities
- We will disclose that IronOCR will access un-managed (C++) code:
terreract.dll
- No direct executable entry point to this DLL is distributed nor exposed
pdfium.dll
- No direct executable entry point to this DLL is distributed nor exposed
leptonica.dll
- No direct executable entry point to this DLL is distributed nor exposed
imagemagick.dll
- No direct executable entry point to this DLL is distributed nor exposed - IronOCR makes use of following .NET dependencies - none of which are known to us as a security attack vector - particularly as every object is internalized to our library (static linking) with no public or external access https://ironsoftware.com/csharp/ocr/docs/license/credits/