Описание
Security update for dcmtk
This update for dcmtk fixes the following issues:
Update to 3.6.9. See DOCS/CHANGES.368 for the full list of changes
Security issues fixed:
- CVE-2024-27628: Fixed buffer overflow via the EctEnhancedCT method (boo#1227235)
- CVE-2024-34508: Fixed a segmentation fault via an invalid DIMSE message (boo#1223925)
- CVE-2024-34509: Fixed segmentation fault via an invalid DIMSE message (boo#1223943)
- CVE-2024-47796: Fixed out-of-bounds write due to improper array index validation in the nowindow functionality (boo#1235810)
- CVE-2024-52333: Fixed out-of-bounds write due to improper array index validation in the determineMinMax functionality (boo#1235811)
Список пакетов
SUSE Package Hub 15 SP6
openSUSE Leap 15.6
Ссылки
- E-Mail link for openSUSE-SU-2025:0053-1
- SUSE Security Ratings
- SUSE Bug 1223925
- SUSE Bug 1223943
- SUSE Bug 1227235
- SUSE Bug 1235810
- SUSE Bug 1235811
- SUSE CVE CVE-2024-27628 page
- SUSE CVE CVE-2024-34508 page
- SUSE CVE CVE-2024-34509 page
- SUSE CVE CVE-2024-47796 page
- SUSE CVE CVE-2024-52333 page
Описание
Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an attacker to execute arbitrary code via the EctEnhancedCT method component.
Затронутые продукты
Ссылки
- CVE-2024-27628
- SUSE Bug 1227235
Описание
dcmnet in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.
Затронутые продукты
Ссылки
- CVE-2024-34508
- SUSE Bug 1223925
Описание
dcmdata in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.
Затронутые продукты
Ссылки
- CVE-2024-34509
- SUSE Bug 1223943
Описание
An improper array index validation vulnerability exists in the nowindow functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.
Затронутые продукты
Ссылки
- CVE-2024-47796
- SUSE Bug 1235810
Описание
An improper array index validation vulnerability exists in the determineMinMax functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.
Затронутые продукты
Ссылки
- CVE-2024-52333
- SUSE Bug 1235811