Security experts at Cisco Talos discovered four High severity vulnerabilities in the LEADTOOLS imaging toolkits that could be exploited to execute arbitrary code on the target system.
LEADTOOLS is a collection of comprehensive
The experts discovered multiple issues that could be exploited by remote attackers to trigger denial-of-service (
The first vulnerability, tracked as CVE-2019-5084, is a heap out-of-bounds write issue that resides in the TIF-parsing functionality of LEADTOOLS 20.
An attacker could exploit the flaw by using a specially crafted TIF image.
“An exploitable heap out-of-bounds write vulnerability exists in the TIF-parsing functionality of LEADTOOLS 20. A specially crafted TIF image can cause an offset beyond the bounds of a heap
The second vulnerability tracked as CVE-2019-5099 is an exploitable integer underflow issue that resides in the CMP-parsing functionality of LEADTOOLS 20. The flaw could be exploited using a specially crafted CMP image file.
“An exploitable integer underflow vulnerability exists in the CMP-parsing functionality of LEADTOOLS 20. A specially crafted CMP image file can cause an integer underflow, potentially resulting in code execution.” continues the post. “An attacker can specially craft a CMP image to trigger this vulnerability. “
Experts also discovered an integer overflow issue in the BMP header parsing functionality of LEADTOOLS 20 tracked as CVE-2019-5100 that could potentially result in code execution.
The last issue discovered by Cisco Talos is an exploitable heap overflow vulnerability, tracked as CVE-2019-5125,
The vulnerability could be exploited using a specially crafted J2K image file that can cause an out-of-bounds write of a heap buffer
The same as with the first two bugs, an attacker looking to trigger these weaknesses would need specially crafted BMP and J2K image files.
The vulnerabilities were discovered in early September and reported them to LEAD Technologies Inc.
Talos team also released SNORT rules that allow users to detect exploitation attempts.
|[adrotate banner=”9″]||[adrotate banner=”12″]|