Description
An out-of-bounds write vulnerability exists in the Grassroots DICOM library (GDCM). The issue is triggered during parsing of a malformed DICOM file containing encapsulated PixelData fragments (compressed image data stored as multiple fragments). This vulnerability leads to a segmentation fault caused by an out-of-bounds memory access due to unsigned integer underflow in buffer indexing. It is exploitable via file input, simply opening a crafted malicious DICOM file is sufficient to trigger the crash, resulting in a denial-of-service condition.
Mitigation
Minimal update. May introduce new vulnerabilities or breaking changes.
|
 debian 12 | | =3.0.21-1 || =3.0.21-2 || =3.0.22-1 || =3.0.22-2 || =3.0.22-2.1 || =3.0.22-2.1~exp1 || =3.0.22-3 || =3.0.24-1 || =3.0.24-1+hurd.1 || =3.0.24-2 || =3.0.24-3 || =3.0.24-3+hurd.1 || =3.0.24-4 || =3.0.24-5 || =3.0.24-5+hurd.1 || =3.0.24-5+hurd.2 || =3.0.24-6 || =3.0.24-7 || =3.0.24-8 || =3.0.24-9 | - |
debian 11 | | =3.0.10-1 || =3.0.10-1~bpo11+1 || =3.0.11-1 || =3.0.12-1 || =3.0.13-1 || =3.0.13-2 || =3.0.13-2~bpo11+1 || =3.0.13-3 || =3.0.14-1 || =3.0.16-1 || =3.0.17-1 || =3.0.17-1~bpo11+1 || =3.0.17-2 || =3.0.17-3 || =3.0.17-4 || =3.0.17-4~bpo11+1 || =3.0.17-5 || =3.0.20-1 || =3.0.20-2 || =3.0.20-3 || =3.0.20-3+hurd.1 || =3.0.21-1 || =3.0.21-2 || =3.0.22-1 || =3.0.22-2 || =3.0.22-2.1 || =3.0.22-2.1~exp1 || =3.0.22-3 || =3.0.24-1 || =3.0.24-1+hurd.1 || =3.0.24-2 || =3.0.24-3 || =3.0.24-3+hurd.1 || =3.0.24-4 || =3.0.24-5 || =3.0.24-5+hurd.1 || =3.0.24-5+hurd.2 || =3.0.24-6 || =3.0.24-7 || =3.0.24-8 || =3.0.24-9 || =3.0.8-2 || =3.0.8-3 || =3.0.8-4 | - |
debian 14 | | =3.0.24-5 || =3.0.24-5+hurd.1 || =3.0.24-5+hurd.2 || =3.0.24-6 || =3.0.24-7 || >=0 <3.0.24-8 | 3.0.24-8 |
debian 13 | | =3.0.24-5 || =3.0.24-5+hurd.1 || =3.0.24-5+hurd.2 || =3.0.24-6 || =3.0.24-7 || =3.0.24-8 || =3.0.24-9 | - |
