Description
Security update for dcmtk
This update for dcmtk fixes the following issues:
- CVE-2022-43272: Fixed memory leak via the T_ASC_Association object (boo#1206070)
- Update to 3.6.7 (boo#1208639, boo#1208638, boo#1208637, CVE-2022-2121, CVE-2022-2120, CVE-2022-2119)
- CVE-2022-2121: Fixed possible DoS via NULL pointer dereference
- CVE-2022-2120: Fixed relative path traversal vulnerability
- CVE-2022-2119: Fixed path traversal vulnerability
See DOCS/CHANGES.367 for the full list of changes
- Updated code definitions for DICOM 2022b
- Fixed possible NULL pointer dereference
Package list
SUSE Package Hub 15 SP4
openSUSE Leap 15.4
References
- E-Mail link for openSUSE-SU-2023:0108-1
- SUSE Security Ratings
- SUSE Bug 1206070
- SUSE Bug 1208637
- SUSE Bug 1208638
- SUSE Bug 1208639
- SUSE CVE CVE-2022-2119 page
- SUSE CVE CVE-2022-2120 page
- SUSE CVE CVE-2022-2121 page
- SUSE CVE CVE-2022-43272 page
Description
OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.
Affected products
References
- CVE-2022-2119
- SUSE Bug 1208637
Description
OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.
Affected products
References
- CVE-2022-2120
- SUSE Bug 1208638
Description
OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-of-service condition.
Affected products
References
- CVE-2022-2121
- SUSE Bug 1208639
Description
DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object.
Affected products
References
- CVE-2022-43272
- SUSE Bug 1206070