SB2019121223 - Multiple vulnerabilities in LEADTOOLS
Published: December 12, 2019 Updated: August 8, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 6 secuirty vulnerabilities.
1) Integer overflow (CVE-ID: CVE-2019-5085)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
An exploitable code execution vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15. A specially crafted packet can cause an integer overflow, resulting in heap corruption. An attacker can send a packet to trigger this vulnerability.
2) Out-of-bounds read (CVE-ID: CVE-2019-5090)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
An exploitable information disclosure vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15. A specially crafted packet can cause an out-of-bounds read, resulting in information disclosure. An attacker can send a packet to trigger this vulnerability.
3) Infinite loop (CVE-ID: CVE-2019-5091)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
An exploitable denial-of-service vulnerability exists in the Dicom-packet parsing functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. A specially crafted packet can cause an infinite loop, resulting in a denial of service. An attacker can send a packet to trigger this vulnerability.
4) Out-of-bounds write (CVE-ID: CVE-2019-5092)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
An exploitable heap out of bounds write vulnerability exists in the UI tag parsing functionality of the DICOM image format of LEADTOOLS 20.0.2019.3.15. A specially crafted DICOM image can cause an offset beyond the bounds of a heap allocation to be written, potentially resulting in code execution. An attacker can specially craft a DICOM image to trigger this vulnerability.
5) Integer overflow (CVE-ID: CVE-2019-5093)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
An exploitable code execution vulnerability exists in the DICOM network response functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. A specially crafted packet can cause an integer overflow, resulting in heap corruption. An attacker can send a packet to trigger this vulnerability.
6) Out-of-bounds write (CVE-ID: CVE-2019-5154)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20.0.2019.3.15. A specially crafted J2K image file can cause an out of bounds write of a null byte in a heap buffer, potentially resulting in code execution. An attack can specially craft a J2K image to trigger this vulnerability.
Remediation
Install update from vendor's website.
References
- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0877
- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0882
- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0883
- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0884
- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0885
- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0945