Marcin Towalski and Cory Duplantis of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.

Cisco Talos recently discovered multiple vulnerabilities in the LEADTOOLS line of imaging toolkits. LEADTOOLS is a collection of toolkits designed to perform a variety of functions aimed at integrating documents, multimedia and imaging technologies into applications. All of the software is produced by LEAD Technologies Inc. LEADTOOLS offers prebuilt and portable libraries with an SDK for most platforms (Windows, Linux, Android, etc.), all geared toward building applications for medical systems. Various pieces of LEADTOOLS contain vulnerabilities that could be exploited by malicious actors to carry out a number of actions, including denial-of-service conditions and the exposure of sensitive information.

In accordance with our coordinated disclosure policy, Cisco Talos worked with LEAD Technologies to ensure that these issues are resolved and that an update is available for affected customers.

Vulnerability details

LEADTOOLS JPEG2000 Isot parsing memory corruption vulnerability (TALOS-2019-0945/CVE-2019-5154)

An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20.0.2019.3.15. A specially crafted J2K image file can cause an out-of-bounds write of a null byte in a heap buffer, potentially resulting in code execution. An attacker can specially craft a J2K image to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

LEADTOOLS CMP-parsing code execution vulnerability (TALOS-2019-0877/CVE-2019-5085)

An exploitable code execution vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15. A specially crafted packet can cause an integer overflow, resulting in heap corruption. An attacker can send a packet to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

LEADTOOLS libltdic.so DICOM LDicomNet::receive information disclosure vulnerability (TALOS-2019-0882/CVE-2019-5090)

An exploitable information disclosure vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15. A specially crafted packet can cause an out-of-bounds read, resulting in information disclosure. An attacker can send a packet to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

LEADTOOLS libltdic.so LDicomAssociate::SetBinary denial-of-service vulnerability (TALOS-2019-0883/CVE-2019-5091)

An exploitable denial-of-service vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so version 20. A specially crafted packet can cause an infinite loop, resulting in a denial of service. An attacker can send a packet to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

LEADTOOLS libltdic.so LDicomAssociate::SetBinary denial-of-service vulnerability (TALOS-2019-0884/CVE-2019-5092)

An exploitable heap out-of-bounds write vulnerability exists in the UI tag-parsing functionality of the DICOM image format of LEADTOOLS 20. A specially crafted DICOM image can cause an offset beyond the bounds of a heap allocation to be written, potentially resulting in code execution. An attacker can specially craft a DICOM image to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

LEADTOOLS libltdic.so DICOM LDicomNet::SendData code execution vulnerability (TALOS-2019-0885/CVE-2019-5093)

An exploitable code execution vulnerability exists in the DICOM network response functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. A specially crafted packet can cause an integer overflow, resulting in heap corruption. An attacker can send a packet to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

Versions tested

Talos tested and confirmed that version 20.0.2019.3.15 of LEADTOOLS is affected by these vulnerabilities.

Coverage

The following SNORTⓇ rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Snort Rules: 50857, 50897 - 50899, 50908, 50909, 52082, 52083,