LEAD Technologies LEADTOOLS Code Execution Vulnerability
LEAD Technologies LEADTOOLS is an image processing development kit from LEAD Technologies. A code execution vulnerability in the DICOM network response function of the libltdic.so library in LEAD Technologies LEADTOOLS version 20.0.2019.3.15 can be exploited by an attacker to cause an integer...
LEAD Technologies LEADTOOLS Buffer Overflow Vulnerability (CNVD-2020-01951)
LEAD Technologies LEADTOOLS is an image processing development kit from LEAD Technologies. A buffer overflow vulnerability exists in the JPEG2000 parsing functionality in LEAD Technologies LEADTOOLS version 20.0.2019.3.15, which originates when a networked system or product performs an operation ...
LEAD Technologies LEADTOOLS Code Execution Vulnerability (CNVD-2020-09643)
LEAD Technologies LEADTOOLS is an image processing development kit from LEAD Technologies. A code execution vulnerability exists in the DICOM packet parsing functionality in LEAD Technologies LEADTOOLS version 20.0.2019.3.15, which can be exploited by an attacker to cause an integer overflow by...
LEAD Technologies LEADTOOLS Heap Out-of-Bounds Write Vulnerability
LEAD Technologies LEADTOOLS is an image processing development kit from LEAD Technologies. A heap out-of-bounds write vulnerability exists in the UI label parsing functionality of the DICOM image format in LEADTOOLS 20.0.2019.3.15, which can be exploited by an attacker to achieve code execution v...
CVE-2019-5092
CVE-2019-5092 affects LEADTOOLS 20.0.2019.3.15: a heap out-of-bounds write in the UI tag parsing of DICOM handling (ltdicx.dll) can occur when processing the UI tag data, leading to potential code execution. The TALOS advisory details a vulnerability chain in LEADTOOLS components, with a concrete...
CVE-2019-5092
An exploitable heap out of bounds write vulnerability exists in the UI tag parsing functionality of the DICOM image format of LEADTOOLS 20.0.2019.3.15. A specially crafted DICOM image can cause an offset beyond the bounds of a heap allocation to be written, potentially resulting in code execution...
CVE-2019-5154
An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20.0.2019.3.15. A specially crafted J2K image file can cause an out of bounds write of a null byte in a heap buffer, potentially resulting in code execution. An attacker can specially craft a J2K...
CVE-2019-5154
LEADTOOLS 20.0.2019.3.15 contains a heap overflow in the JPEG2000 parsing path. A specially crafted J2K image can trigger an out-of-bounds write of a null byte in a heap buffer, potentially leading to code execution. This vulnerability (CVE-2019-5154) has been detailed by Talos (TALOS-2019-0945) ...
CVE-2019-5091
The CVE-2019-5091 issue affects LEADTOOLS libltdic.so (LEADTOOLS 20.0.2019.3.15). In DICOM packet parsing, LDicomAssociate::SetBinary can enter an infinite loop when processing Presentation Context data (bytes not equal to 0x30 or 0x40), enabling a denial-of-service via a specially crafted networ...
CVE-2019-5091
An exploitable denial-of-service vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. A specially crafted packet can cause an infinite loop, resulting in a denial of service. An attacker can send a packet to trigger this vulnerability...
CVE-2019-5085
LEADTOOLS libltdic.so (DICOM parsing) version 20.0.2019.3.15 is affected by an exploit that causes an integer overflow during heap-allocated buffer growth, leading to heap corruption and potential code execution. The issue arises when parsing incoming DICOM packets in the network listener (LDicom...
CVE-2019-5085
An exploitable code execution vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15. A specially crafted packet can cause an integer overflow, resulting in heap corruption. An attacker can send a packet to trigger this vulnerability...
CVE-2019-5093
LEADTOOLS libltdic.so 20.0.2019.3.15 is affected by CVE-2019-5093 in the DICOM network response path. A crafted packet can set the LDicomAssociate::m_nMaxLength to an attacker-controlled value, triggering an integer overflow during buffer sizing and resulting in heap corruption. The flaw is exerc...
CVE-2019-5093
An exploitable code execution vulnerability exists in the DICOM network response functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. A specially crafted packet can cause an integer overflow, resulting in heap corruption. An attacker can send a packet to trigger this vulnerability...
CVE-2019-5090
An exploitable information disclosure vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15. A specially crafted packet can cause an out-of-bounds read, resulting in information disclosure. An attacker can send a packet to trigger this...
CVE-2019-5090
CVE-2019-5090 affects LEADTOOLS libltdic.so 20.0.2019.3.15 in the DICOM packet-parsing path. A crafted DICOM network packet can trigger an out-of-bounds read in LDicomFile::Write, leading to information disclosure. Talos advisories (e.g., TALOS-2019-0882) describe the vulnerability details and co...
Vulnerability Spotlight: Multiple vulnerabilities in LEADTOOLS software
Marcin Towalski and Cory Duplantis of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in the LEADTOOLS line of imaging toolkits. LEADTOOLS is a collection of toolkits designed to perform a variety of functions aimed at...
LEADTOOLS DICOM UI Parsing Code Execution Vulnerability
Summary: An exploitable heap out of bounds write vulnerability exists in the UI tag parsing functionality of the DICOM image format of LEADTOOLS 20. A specially crafted DICOM image can cause an offset beyond the bounds of a heap allocation to be written, potentially resulting in code execution. An...
LEADTOOLS libltdic.so LDicomAssociate::SetBinary denial-of-service vulnerability
Summary: An exploitable denial-of-service vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so version 20. A specially crafted packet can cause an infinite loop, resulting in a denial of service. An attacker can send a packet to trigger this vulnerability. Tested...
LEADTOOLS libltdic.so DICOM LDicomNet::SendData Code Execution Vulnerability
Summary: An exploitable code execution vulnerability exists in the DICOM network response functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. A specially crafted packet can cause an integer overflow, resulting in heap corruption. An attacker can send a packet to trigger this...