IronOCR Security CVE: Keep Your Data Safe
Please see information below regarding IronOCR:
- All Iron Software products are DigiCert certified.
- IronOCR does not use web services nor send data across the internet to perform OCR.
- No COM or COM+ interfaces are exposed in the IronOcr.dll.
- The library is written in C#, which implicitly protects against many common attack vectors.
- As few entry points as possible to the API are exposed.
- Strong naming and sophisticated tamper protection are implemented.
- The library is regularly scanned with multiple anti-virus and anti-malware scanners, using the highest security and heuristic search for potential threats.
- Every line of code goes through at least two levels of human review by senior engineers to check for security vulnerabilities.
- We disclose that IronOCR accesses unmanaged (C++) code:
  - tesseract.dll
    - No direct executable entry point to this DLL is distributed or exposed.
  - pdfium.dll
    - No direct executable entry point to this DLL is distributed or exposed.
  - leptonica.dll
    - No direct executable entry point to this DLL is distributed or exposed.
  - imagemagick.dll
    - No direct executable entry point to this DLL is distributed or exposed.
- IronOCR makes use of the following .NET dependencies, none of which are known to us as a security attack vector, particularly as every object is internalized to our library (static linking) with no public or external access:
  - ZXing.Net
  - Tesseract.Net
  - PdfiumLight
  - Magick.NET-Q8-AnyCPU
  - LibPdfium
  - ICSharpCode.SharpZipLib