CVE-2019-5085: Integer Overflow
First published: Thu Dec 12 2019(Updated: )
An exploitable code execution vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15. A specially crafted packet can cause an integer overflow, resulting in heap corruption. An attacker can send a packet to trigger this vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Leadtools Leadtools | =20.0.2019.3.15 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2019-5085?
The severity of CVE-2019-5085 is critical, with a CVSS score of 9.8.
How does the vulnerability in CVE-2019-5085 occur?
The vulnerability in CVE-2019-5085 occurs due to an integer overflow in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15.
What is the affected software of CVE-2019-5085?
The affected software of CVE-2019-5085 is Leadtools version 20.0.2019.3.15.
How can an attacker exploit CVE-2019-5085?
An attacker can exploit CVE-2019-5085 by sending a specially crafted packet that triggers an integer overflow and leads to heap corruption.
Is there a fix available for CVE-2019-5085?
A fix for CVE-2019-5085 is currently not available. It is recommended to update to a newer version of the affected software when a fix is released.
- collector/nvd-index
- vendor/leadtools
- canonical/leadtools leadtools
- version/leadtools leadtools/20.0.2019.3.15