[SECURITY] [DLA 4227-1] dcmtk security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4227-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Bastien Roucariès
June 24, 2025                                 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : dcmtk
Version        : 3.6.5-1+deb11u4
CVE ID         : CVE-2022-2119 CVE-2022-2120 CVE-2024-47796 CVE-2025-2357
                 CVE-2025-25472 CVE-2025-25474 CVE-2025-25475
Debian Bug     : 1017743 1098373 1098374 1100724

Multiple vulnerabilities were fixed in dcmtk, an OFFIS DICOM toolkit.

CVE-2022-2119/CVE-2022-2120

    Path traversal issues were found, allowing an attacker
    to write DICOM files into arbitrary directories under
    controlled names. This could allow remote code execution.

CVE-2024-47796

    An improper array index validation vulnerability exists
    in the nowindow functionality.
    A specially crafted DICOM file can lead to an out-of-bounds write.

CVE-2025-2357

    An issue was found in the dcmjpls JPEG-LS Decoder.
    The manipulation leads to memory corruption.

CVE-2025-25472

    A buffer overflow was found that causes a Denial of Service
    (DoS) via a crafted DCM file.

CVE-2025-25474

    A buffer overflow was found via the component
    dcmimgle/diinpxt.h.

CVE-2025-25475

    A NULL pointer dereference was found in the component
    /libsrc/dcrleccd.cc.

For Debian 11 bullseye, these problems have been fixed in version
3.6.5-1+deb11u4.

We recommend that you upgrade your dcmtk packages.

For the detailed security status of dcmtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/dcmtk

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS