IronOCR - Security CVE

Please see information below regarding IronOCR:

  1. All Iron Software products are DigiCert certified
  2. IronOCR does not use web services nor send data across the internet to perform OCR
  3. No COM or COM+ interfaces are exposed in the IronOcr.dll
  4. The library is written in C# which protects implicitly from many common attack vectors
  5. As few entry points as possible to the API are exposed
  6. Strong naming and sophisticated tamper protection
  7. Library is regularly scanned with multiple anti-virus/anti-malware scanners, using the highest security and heuristic search for potential threats
  8. Every line of code goes though at least two levels of human review by senior engineers to check for security vulnerabilities
  9. We will disclose that IronOCR will access un-managed (C++) code:
    terreract.dll - No direct executable entry point to this DLL is distributed nor exposed
    pdfium.dll - No direct executable entry point to this DLL is distributed nor exposed
    leptonica.dll - No direct executable entry point to this DLL is distributed nor exposed
    imagemagick.dll - No direct executable entry point to this DLL is distributed nor exposed
  10. IronOCR makes use of following .NET dependencies - none of which are known to us as a security attack vector - particularly as every object is internalized to our library (static linking) with no public or external access https://ironsoftware.com/csharp/ocr/docs/license/credits/
  11. Zxing.Net
  12. Tesseract.Net
  13. PdfiumLight
  14. Magick.Net
  15. LibPdfium
  16. PdfiumLight
  17. ICSharpCode.SharpZipLib