Étienne Mollier pushed to branch master at Debian Med / dcmtk
Commits: 7b857e61 by Étienne Mollier at 2026-06-22T22:19:31+02:00 CVE-2026-12805.patch: new: fix CVE-2026-12805. This patch fixes a risk of buffer overflow by ensuring negative error codes in XMLNode::parseFile are properly handled, as well a NULL values. Closes: #1140562 - - - - - 03a51480 by Étienne Mollier at 2026-06-22T23:33:20+02:00 d/changelog: ready for upload to unstable. - - - - - 3 changed files: - debian/changelog - + debian/patches/CVE-2026-12805.patch - debian/patches/series Changes: ===================================== debian/changelog ===================================== @@ -1,3 +1,12 @@ +dcmtk (3.7.0+really3.7.0-6) unstable; urgency=medium + + * CVE-2026-12805.patch: new: fix CVE-2026-12805. + This patch fixes a risk of buffer overflow by ensuring negative error + codes in XMLNode::parseFile are properly handled, as well a NULL + values. (Closes: #1140562) + + -- Étienne Mollier <[email protected]> Mon, 22 Jun 2026 22:22:11 +0200 + dcmtk (3.7.0+really3.7.0-5) unstable; urgency=high * CVE-2026-10194.patch: new: fix CVE-2026-10194. (Closes: #1139181) ===================================== debian/patches/CVE-2026-12805.patch ===================================== @@ -0,0 +1,50 @@ +commit 1d4b3815c0987840a983160bfc671fef63a3105b +Author: Marco Eichelberg <[email protected]> +Date: Sat May 23 17:07:58 2026 +0200 + + Fixed buffer overflow in XMLNode::parseFile(). + + Fixed a heap buffer overflow that could occur in the XML parser + when reading from a named pipe. + + Thanks to Cristhian Daniel Rivas Zúñiga and Sebastian Andres Muñoz Morera + (Insituto Tecnológico de Costa Rica) for the bug report and fix. + + This closes DCMTK issue #1208. + +--- dcmtk.orig/ofstd/libsrc/ofxml.cc ++++ dcmtk/ofstd/libsrc/ofxml.cc +@@ -1,6 +1,6 @@ + /* + * +- * Copyright (C) 2011-2025, OFFIS e.V. ++ * Copyright (C) 2011-2026, OFFIS e.V. + * All rights reserved. See COPYRIGHT file for details. + * + * This software and supporting documentation were slightly modified by +@@ -328,6 +328,7 @@ + } + static inline FILE *xfopen(XMLCSTR filename,XMLCSTR mode) { return fopen(filename,mode); } + static inline int xstrlen(XMLCSTR c) { return OFstatic_cast(int, strlen(c)); } ++ // DCMTK: use this macro for detecting a classic Borland compiler + #ifdef HAVE_CLASSIC_BORLAND_COMPILER + static inline int xstrnicmp(XMLCSTR c1, XMLCSTR c2, int l) { return strnicmp(c1,c2,l);} + static inline int xstricmp(XMLCSTR c1, XMLCSTR c2) { return stricmp(c1,c2); } +@@ -1961,7 +1962,8 @@ + if (f==NULL) { if (pResults) pResults->error=eXMLErrorFileNotFound; return emptyXMLNode; } + fseek(f,0,SEEK_END); + int l=OFstatic_cast(int, ftell(f)),headerSz=0; +- if (!l) { if (pResults) pResults->error=eXMLErrorEmpty; fclose(f); return emptyXMLNode; } ++ // DCMTK: handle situation where ftell() returns -1 ++ if (l <= 0) { if (pResults) pResults->error=eXMLErrorEmpty; fclose(f); return emptyXMLNode; } + fseek(f,0,SEEK_SET); + unsigned char *buf=OFreinterpret_cast(unsigned char*, malloc(l+4)); + l=OFstatic_cast(int, fread(buf,1,l,f)); +@@ -2302,6 +2304,7 @@ + int i=0; + while ((OFreinterpret_cast(void*, pa[i].d))!=(OFreinterpret_cast(void*, d))) i++; + d->pParent->nChild--; ++ // DCMTK: fixed minor Clang warning + if (d->pParent->nChild) memmove(pa+i,pa+i+1,(d->pParent->nChild-i)*sizeof(XMLNode)); + else { free(pa); d->pParent->pChild=NULL; } + return removeOrderElement(d->pParent,eNodeChild,i); ===================================== debian/patches/series ===================================== @@ -6,3 +6,4 @@ skip-bigendian-roundtrip-failure.patch hurd.patch CVE-2026-5663.patch CVE-2026-10194.patch +CVE-2026-12805.patch View it on GitLab: https://salsa.debian.org/med-team/dcmtk/-/compare/10646038e055de77006f57a49558b52beee7b78e...03a514808d7ee2f962a6696e6575f89c334cdf58 -- View it on GitLab: https://salsa.debian.org/med-team/dcmtk/-/compare/10646038e055de77006f57a49558b52beee7b78e...03a514808d7ee2f962a6696e6575f89c334cdf58 You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
_______________________________________________ debian-med-commit mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-med-commit
