220 matches found

Talos Blog
added 2020/07/01 1:7 p.m. | 14 views

Vulnerability Spotlight: Remote code execution vulnerabilities in LEADTOOLS 20

Cory Duplantis of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a remote code execution vulnerability in the LEADTOOLS line of imaging toolkits. LEADTOOLS is a collection of toolkits designed to perform a variety of functions aimed at integrating...

AI score 2
Exploits: 0

Talos
added 2020/07/01 12:0 a.m. | 35 views

Leadtools Image Parser Animated Icon Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the ANI file format parser of Leadtools 20. A specially crafted ANI file can cause a buffer overflow resulting in remote code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Leadtools ...

CVSS 8.8 | AI score 8.5 | EPSS 0.02669
Exploits: 1

OSV
added 2019/12/12 12:15 a.m. | 3 views

CVE-2019-5090

An exploitable information disclosure vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15. A specially crafted packet can cause an out-of-bounds read, resulting in information disclosure. An attacker can send a packet to trigger this...

CVSS 7.5 | AI score 7.2 | EPSS 0.02266
Exploits: 0 | References: 1

OSV
added 2019/12/12 12:15 a.m. | 5 views

CVE-2019-5092

An exploitable heap out of bounds write vulnerability exists in the UI tag parsing functionality of the DICOM image format of LEADTOOLS 20.0.2019.3.15. A specially crafted DICOM image can cause an offset beyond the bounds of a heap allocation to be written, potentially resulting in code execution...

CVSS 8.8 | AI score 7.3 | EPSS 0.02456
Exploits: 0 | References: 1

NVD
added 2019/12/12 12:15 a.m. | 26 views

CVE-2019-5093

An exploitable code execution vulnerability exists in the DICOM network response functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. A specially crafted packet can cause an integer overflow, resulting in heap corruption. An attacker can send a packet to trigger this vulnerability...

CVSS 9.8 | AI score 8.6 | EPSS 0.02529
Exploits: 0 | References: 1

NVD
added 2019/12/12 12:15 a.m. | 19 views

CVE-2019-5090

An exploitable information disclosure vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15. A specially crafted packet can cause an out-of-bounds read, resulting in information disclosure. An attacker can send a packet to trigger this...

CVSS 9.1 | AI score 7.3 | EPSS 0.02266
Exploits: 0 | References: 1

OSV
added 2019/12/12 12:15 a.m. | 4 views

CVE-2019-5093

An exploitable code execution vulnerability exists in the DICOM network response functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. A specially crafted packet can cause an integer overflow, resulting in heap corruption. An attacker can send a packet to trigger this vulnerability...

CVSS 9.8 | AI score 6.2 | EPSS 0.02529
Exploits: 0 | References: 1

NVD
added 2019/12/12 12:15 a.m. | 31 views

CVE-2019-5092

An exploitable heap out of bounds write vulnerability exists in the UI tag parsing functionality of the DICOM image format of LEADTOOLS 20.0.2019.3.15. A specially crafted DICOM image can cause an offset beyond the bounds of a heap allocation to be written, potentially resulting in code execution...

CVSS 8.8 | AI score 8.9 | EPSS 0.02456
Exploits: 0 | References: 1

NVD
added 2019/12/12 12:15 a.m. | 27 views

CVE-2019-5154

An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20.0.2019.3.15. A specially crafted J2K image file can cause an out of bounds write of a null byte in a heap buffer, potentially resulting in code execution. An attack can specially craft a J2K...

CVSS 8.8 | AI score 9.1 | EPSS 0.02619
Exploits: 0 | References: 1

OSV
added 2019/12/12 12:15 a.m. | 7 views

CVE-2019-5091

An exploitable denial-of-service vulnerability exists in the Dicom-packet parsing functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. A specially crafted packet can cause an infinite loop, resulting in a denial of service. An attacker can send a packet to trigger this vulnerability...

CVSS 7.5 | AI score 5.8 | EPSS 0.01942
Exploits: 0 | References: 1

OSV
added 2019/12/12 12:15 a.m. | 4 views

CVE-2019-5085

An exploitable code execution vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15. A specially crafted packet can cause an integer overflow, resulting in heap corruption. An attacker can send a packet to trigger this vulnerability...

CVSS 9.8 | AI score 7.7 | EPSS 0.03366
Exploits: 0 | References: 1

OSV
added 2019/12/12 12:15 a.m. | 4 views

CVE-2019-5154

An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20.0.2019.3.15. A specially crafted J2K image file can cause an out of bounds write of a null byte in a heap buffer, potentially resulting in code execution. An attack can specially craft a J2K...

CVSS 8.8 | AI score 7.4 | EPSS 0.02619
Exploits: 0 | References: 1

NVD
added 2019/12/12 12:15 a.m. | 19 views

CVE-2019-5085

An exploitable code execution vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15. A specially crafted packet can cause an integer overflow, resulting in heap corruption. An attacker can send a packet to trigger this vulnerability...

CVSS 9.8 | AI score 9.6 | EPSS 0.03366
Exploits: 0 | References: 1

NVD
added 2019/12/12 12:15 a.m. | 22 views

CVE-2019-5091

An exploitable denial-of-service vulnerability exists in the Dicom-packet parsing functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. A specially crafted packet can cause an infinite loop, resulting in a denial of service. An attacker can send a packet to trigger this vulnerability...

CVSS 7.5 | AI score 7.4 | EPSS 0.01942
Exploits: 0 | References: 1

Prion
added 2019/12/12 12:15 a.m. | 15 views

Integer overflow

An exploitable code execution vulnerability exists in the DICOM network response functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. A specially crafted packet can cause an integer overflow, resulting in heap corruption. An attacker can send a packet to trigger this vulnerability...

CVSS 7.5 | AI score 9.5 | EPSS 0.02529
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2019/12/12 12:15 a.m. | 14 views

Heap overflow

An exploitable heap out of bounds write vulnerability exists in the UI tag parsing functionality of the DICOM image format of LEADTOOLS 20.0.2019.3.15. A specially crafted DICOM image can cause an offset beyond the bounds of a heap allocation to be written, potentially resulting in code execution...

CVSS 6.8 | AI score 8.8 | EPSS 0.02456
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2019/12/12 12:15 a.m. | 12 views

Heap overflow

An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20.0.2019.3.15. A specially crafted J2K image file can cause an out of bounds write of a null byte in a heap buffer, potentially resulting in code execution. An attack can specially craft a J2K...

CVSS 6.8 | AI score 9 | EPSS 0.02619
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2019/12/12 12:15 a.m. | 14 views

Information disclosure

An exploitable information disclosure vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15. A specially crafted packet can cause an out-of-bounds read, resulting in information disclosure. An attacker can send a packet to trigger this...

CVSS 5 | AI score 7.1 | EPSS 0.02266
Exploits: 0 | References: 1 | Affected Software: 1

CNVD
added 2019/12/12 12:0 a.m. | 2 views

LEAD Technologies LEADTOOLS Buffer Overflow Vulnerability (CNVD-2020-01951)

LEAD Technologies LEADTOOLS is an image processing development kit from LEAD Technologies. A buffer overflow vulnerability exists in the JPEG2000 parsing functionality in LEAD Technologies LEADTOOLS version 20.0.2019.3.15, which originates when a networked system or product performs an operation ...

CVSS 8.8 | AI score 7.4 | EPSS 0.02619
Exploits: 0 | References: 1

CNVD
added 2019/12/12 12:0 a.m. | 2 views

LEAD Technologies LEADTOOLS Heap Out-of-Bounds Write Vulnerability

LEAD Technologies LEADTOOLS is an image processing development kit from LEAD Technologies. A heap out-of-bounds write vulnerability exists in the UI label parsing functionality of the DICOM image format in LEADTOOLS 20.0.2019.3.15, which can be exploited by an attacker to achieve code execution v...

CVSS 8.8 | AI score 7.8 | EPSS 0.02456
Exploits: 0 | References: 1