Main Vulnerability Database Vulnerabilities #VU22550

Integer underflow in LEADTOOLS - CVE-2019-5099

Published: November 6, 2019

Vulnerability identifier: #VU22550

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber

CVE-ID: CVE-2019-5099

CWE-ID: CWE-191

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: LEAD Technologies, Inc.

Affected software:
LEADTOOLS

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer underflow in the CMP-parsing functionality. A remote attacker can send a specially crafted CMP image file to the affected application, trigger integer underflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note: This vulnerability affects LEADTOOLS version 20.0.2019.3.15.

How to mitigate CVE-2019-5099

Vendor recommends to update to version 20.0.2019.3.20.

Sources

https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0891

Integer underflow in LEADTOOLS - CVE-2019-5099

Detailed vulnerability description

How to mitigate CVE-2019-5099

Sources

Please verify you're human