A vulnerability classified as critical was found in LEADTOOLS 20.0.2019.3.15. Affected by this vulnerability is an unknown code of the file libltdic.so of the component DICOM Handler. The manipulation as part of a Crafted Packet leads to a integer overflow vulnerability. The CWE definition for the vulnerability is CWE-190. The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:

An exploitable code execution vulnerability exists in the DICOM network response functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. A specially crafted packet can cause an integer overflow, resulting in heap corruption. An attacker can send a packet to trigger this vulnerability.

The weakness was published 12/12/2019 (Website). The advisory is shared at talosintelligence.com. This vulnerability is known as CVE-2019-5093 since 01/04/2019. The attack can be launched remotely. The exploitation doesn't need any form of authentication. Technical details are known, but no exploit is available.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Similar entries are available at 147026, 147024, 147023 and 147022.

Productinfo

Name

• LEADTOOLS

Version

• 20.0.2019.3.15

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion