-------------------------------------------------------------------------
Debian LTS Advisory DLA-4363-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Markus Koschany
November 03, 2025 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : dcmtk
Version : 3.6.5-1+deb11u5
CVE ID : CVE-2020-36855 CVE-2022-4981 CVE-2025-9732
Debian Bug : 1113993
Several vulnerabilities have been fixed in DCMTK, a collection of
libraries and applications implementing large parts of the DICOM standard
for medical images.
CVE-2025-9732
Processing of an invalid DICOM image with a Photometric
Interpretation of "YBR_FULL" and a Planar Configuration of "1" where
the number of pixels stored does not match the expected number of pixels.
This may lead to memory corruption.
CVE-2022-4981
Various issues in the dcmqrscp configuration file parser that could cause
application crashes when reading a malformed configuration file, due to
insufficient checks of the input data.
CVE-2020-36855
Stack-based overflow in the dcmqrscp config parser.
For Debian 11 bullseye, these problems have been fixed in version
3.6.5-1+deb11u5.
We recommend that you upgrade your dcmtk packages.
For the detailed security status of dcmtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/dcmtk
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: This is a digitally signed message part