PT-2019-17493 · Lead Technologies · Leadtools

Published: 2019-11-06 · Updated: 2022-06-21 · CVE-2019-5125

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: LEADTOOLS version 20
Description: A heap overflow issue exists in the JPEG2000 parsing functionality. A specially crafted J2K image file can cause an out-of-bounds write to a heap buffer, potentially resulting in code execution. An attacker can specially craft a J2K image to trigger this issue.
Recommendations: For LEADTOOLS version 20, consider avoiding the use of the JPEG2000 parsing functionality until a fix is available. As a temporary workaround, restrict the processing of J2K image files to minimize the risk of exploitation.
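
One way to apply the workaround above is to reject JPEG 2000 input before it reaches the image decoder. This is an added example, not code from the advisory or from LEADTOOLS; the function names, the extension list and the sample inputs are assumptions, and it treats both raw J2K codestreams and JP2 containers as JPEG 2000.

```python
import io

# File signatures defined by the JPEG 2000 format (ISO/IEC 15444-1).
JP2_SIGNATURE_BOX = bytes.fromhex("0000000c6a5020200d0a870a")  # JP2/JPX container
J2K_CODESTREAM = bytes.fromhex("ff4fff51")  # SOC marker followed by SIZ marker

# Assumed policy list: extensions commonly used for JPEG 2000 content.
JPEG2000_EXTENSIONS = (".j2k", ".j2c", ".jpc", ".jp2", ".jpx", ".jpf")


def is_jpeg2000(header: bytes) -> bool:
    """True when the leading bytes carry a JPEG 2000 signature."""
    return header.startswith((JP2_SIGNATURE_BOX, J2K_CODESTREAM))


def admit_image(filename: str, stream):
    """Return (allowed, reason) for a seekable binary stream.

    Content is checked before the name because the extension is chosen by
    whoever supplied the file and a decoder may pick the codec from content.
    """
    start = stream.tell()
    header = stream.read(len(JP2_SIGNATURE_BOX))
    stream.seek(start)  # leave the stream untouched for the real decoder
    if is_jpeg2000(header):
        return False, "JPEG 2000 signature in content"
    if filename.lower().endswith(JPEG2000_EXTENSIONS):
        return False, "JPEG 2000 file extension"
    return True, "not JPEG 2000"


# Constructed sample inputs (headers only, not real images).
CONSTRUCTED_SAMPLES = {
    "photo.png": J2K_CODESTREAM + b"\x00" * 16,      # J2K content, misleading name
    "scan.jp2": JP2_SIGNATURE_BOX + b"\x00" * 16,    # JP2 container
    "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,  # PNG signature
    "notes.J2K": b"plain text, J2K extension only",
}


def check_samples():
    """Run the gate over the constructed samples and return the decisions."""
    return {name: admit_image(name, io.BytesIO(data))
            for name, data in CONSTRUCTED_SAMPLES.items()}


if __name__ == "__main__":
    for name, (allowed, reason) in check_samples().items():
        print(f"{name}: {'ALLOW' if allowed else 'BLOCK'} ({reason})")
```

The check only looks at the start of the file, so container formats that embed JPEG 2000 streams (for example PDF) are not covered by it.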

Exploit

Fix

Memory Corruption

Heap Based Buffer Overflow


Weakness Enumeration

Related Identifiers

CVE-2019-5125

Affected Products

Leadtools