Source: gdcm X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security
Hi, The following vulnerabilities were published for gdcm. These are fixed in 3.0.24: CVE-2024-25569[0]: | An out-of-bounds read vulnerability exists in the | RAWCodec::DecodeBytes functionality of Mathieu Malaterre Grassroot | DICOM 3.0.23. A specially crafted DICOM file can lead to an out-of- | bounds read. An attacker can provide a malicious file to trigger | this vulnerability. https://talosintelligence.com/vulnerability_reports/TALOS-2024-1944 CVE-2024-22373[1]: | An out-of-bounds write vulnerability exists in the | JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu | Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can | lead to a heap buffer overflow. An attacker can provide a malicious | file to trigger this vulnerability. https://talosintelligence.com/vulnerability_reports/TALOS-2024-1935 CVE-2024-22391[2]: | A heap-based buffer overflow vulnerability exists in the | LookupTable::SetLUT functionality of Mathieu Malaterre Grassroot | DICOM 3.0.23. A specially crafted malformed file can lead to memory | corruption. An attacker can provide a malicious file to trigger this | vulnerability. https://talosintelligence.com/vulnerability_reports/TALOS-2024-1924 If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2024-25569 https://www.cve.org/CVERecord?id=CVE-2024-25569 [1] https://security-tracker.debian.org/tracker/CVE-2024-22373 https://www.cve.org/CVERecord?id=CVE-2024-22373 [2] https://security-tracker.debian.org/tracker/CVE-2024-22391 https://www.cve.org/CVERecord?id=CVE-2024-22391 Please adjust the affected versions in the BTS as needed.