PT-2022-14886 · Lead Technologies · Leadtools

Emmanuel Tacheau · Published 2022-04-14 · Updated 2022-04-21 · CVE-2022-21154

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Leadtools version 22

Description

An integer overflow issue exists in the fltSaveCMP functionality. A specially crafted BMP file can cause an integer overflow, leading to a buffer overflow. An attacker can trigger this issue by providing a malicious BMP file.

Recommendations

For Leadtools version 22, consider disabling the fltSaveCMP functionality until a patch is available to prevent potential exploitation. Restrict access to handling BMP files to minimize the risk of triggering the integer overflow.

Exploit

Fix

Integer Overflow

Weakness Enumeration

Related Identifiers

CVE-2022-21154

Affected Products

Leadtools