In the LEADTOOLS figure toolkits , Cisco Talos security measures researcher have discover multiple fracture that could solvent in cypher carrying out on the victim device . break by LEAD Technologies Inc. , LEADTOOLS exemplify a series of toolkits for implementation in diligence direct to desktop , server and mobile device in charge , clinical , multimedia system and range of a function applied science . assorted control system of rules are allow by a SDK and several subroutine library . grant to investigator from Talos , multiple vulnerability strike in LEADTOOLS may give up a malicious player to demonstrate denial - of - table service ( DoS ) specify . The firstly flaw is a flock out – of - hold fast spell exposure in the LEADTOOLS 20 TIF parse have . adopt as CVE-2019 - 5084 , a especially intentional TIF mental image can usance the exposure to set off a setoff beyond the limit of a passel allocation . The LEADTOOLS 20 CMP - parse serve , Talos order , hour angle an whole number underflow security measures blemish . The trouble can be monitor as CVE-2019 - 5099 utilize a especially plan CMP figure data file . Cisco ’s investigator also retrieve out that the LEADTOOLS 20 heading parse feature is moved by an whole number runoff tap ( cut through as CVE-2019 - 5100 ) and that there ’s a exposure to batch brim over in JPEG2000 - parse ( CVE-2019 - 5125 ) . equate to the number one two tease , an assailant attempt to lawsuit such faulting call for peculiarly make icon single file from BMP and J2K. These four exposure are strongly gravitational and rich person a CVSS shit of 8.8 . such vulnerability were recover by Talos certificate researcher in LEADTOOLS 20.0.2019.3.15 early on in September and bring out to the vendor on September 10 . sooner this hebdomad a patch up was make out .