Vulnerabilities > CVE-2019-5091 - Infinite Loop vulnerability in Leadtools 20.0.2019.3.15

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
leadtools
CWE-835
NVD
Published: 2019-12-12
Updated: 2022-06-17

Summary

An exploitable denial-of-service vulnerability exists in the Dicom-packet parsing functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. A specially crafted packet can cause an infinite loop, resulting in a denial of service. An attacker can send a packet to trigger this vulnerability.

Vulnerable Configurations

Part Description Count
Application
Leadtools
1

Common Weakness Enumeration (CWE)

Talos

idTALOS-2019-0883
last seen2019-12-18
published2019-12-10
reporterTalos Intelligence
sourcehttp://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0883
titleLEADTOOLS libltdic.so LDicomAssociate::SetBinary denial-of-service vulnerability

References