PT-2020-18916 · Lead Technologies · Leadtools
Published
2020-07-01
·
Updated
2022-05-12
·
CVE-2020-6089
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Leadtools version 20
Description
A code execution issue exists in the ANI file format parser. A specially crafted ANI file can cause a buffer overflow, resulting in remote code execution. An attacker can provide a malicious file to trigger this issue.
Recommendations
For Leadtools version 20, consider avoiding the use of the ANI file format parser until a patch is available. As a temporary workaround, restrict the handling of ANI files to minimize the risk of exploitation.
Exploit
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Leadtools