Vulnerabilities > CVE-2019-5091 - Infinite Loop vulnerability in Leadtools 20.0.2019.3.15

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

leadtools

CWE-835

NVD

Published: 2019-12-12

Updated: 2022-06-17

Summary

An exploitable denial-of-service vulnerability exists in the Dicom-packet parsing functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. A specially crafted packet can cause an infinite loop, resulting in a denial of service. An attacker can send a packet to trigger this vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Leadtools Leadtools Leadtools 20.0.2019.3.15	1

Common Weakness Enumeration (CWE)

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Talos

id	TALOS-2019-0883
last seen	2019-12-18
published	2019-12-10
reporter	Talos Intelligence
source	http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0883
title	LEADTOOLS libltdic.so LDicomAssociate::SetBinary denial-of-service vulnerability

References

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0883