First published: Thu Dec 12 2019
An exploitable code execution vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15. A specially crafted packet can cause an integer overflow, resulting in heap corruption. An attacker can send a packet to trigger this vulnerability.
Credit: talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Leadtools Leadtools | =20.0.2019.3.15 | |
The severity of CVE-2019-5085 is critical, with a CVSS score of 9.8.
The vulnerability in CVE-2019-5085 occurs due to an integer overflow in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15.
The affected software of CVE-2019-5085 is Leadtools version 20.0.2019.3.15.
An attacker can exploit CVE-2019-5085 by sending a specially crafted packet that triggers an integer overflow and leads to heap corruption.
A fix for CVE-2019-5085 is currently not available. It is recommended to update to a newer version of the affected software when a fix is released.