PT-2019-17466 · Lead Technologies · Leadtools

Lilith >_>

Published

2019-12-11

Updated

2022-06-17

CVE-2019-5085

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions LEADTOOLS libltdic.so version 20.0.2019.3.15

Description A code execution issue exists in the DICOM packet-parsing functionality. It can be triggered by a specially crafted packet, causing an integer overflow that results in heap corruption.

Recommendations For version 20.0.2019.3.15, consider restricting access to the DICOM packet-parsing functionality until a patch is available. As a temporary workaround, avoid processing untrusted or unknown DICOM packets to minimize the risk of exploitation.

Fix

Memory Corruption

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-190

Related Identifiers

CVE-2019-5085

Affected Products

Leadtools

PT-2019-17466 · Lead Technologies · Leadtools

CVE-2019-5085

Weakness Enumeration

Related Identifiers

Affected Products

References · 3