Vulnerabilities > CVE-2019-5144 - Out-of-bounds Write vulnerability in Kakadusoftware Kakadu Software 7.10.2

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

kakadusoftware

CWE-787

NVD

Published: 2019-12-12

Updated: 2022-06-17

Summary

An exploitable heap underflow vulnerability exists in the derive_taps_and_gains function in kdu_v7ar.dll of Kakadu Software SDK 7.10.2. A specially crafted jp2 file can cause a heap overflow, which can result in remote code execution. An attacker could provide a malformed file to the victim to trigger this vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Kakadusoftware Kakadusoftware Kakadu Software 7.10.2	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Talos

id	TALOS-2019-0933
last seen	2019-12-28
published	2019-12-11
reporter	Talos Intelligence
source	http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0933
title	Kakadu Software SDK ATK marker code execution vulnerability

References

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0933