Description
A memory leak exists in the Grassroots DICOM library (GDCM). The bug occurs when parsing malformed DICOM files with non-standard VR types in file meta information. The vulnerability leads to vast memory allocations and resource depletion, triggering a denial-of-service condition. A maliciously crafted file can fill the heap in a single read operation without properly releasing it.
Mitigation
Minimal update. May introduce new vulnerabilities or breaking changes.
|
 debian 11 | | =3.0.10-1 || =3.0.10-1~bpo11+1 || =3.0.11-1 || =3.0.12-1 || =3.0.13-1 || =3.0.13-2 || =3.0.13-2~bpo11+1 || =3.0.13-3 || =3.0.14-1 || =3.0.16-1 || =3.0.17-1 || =3.0.17-1~bpo11+1 || =3.0.17-2 || =3.0.17-3 || =3.0.17-4 || =3.0.17-4~bpo11+1 || =3.0.17-5 || =3.0.20-1 || =3.0.20-2 || =3.0.20-3 || =3.0.20-3+hurd.1 || =3.0.21-1 || =3.0.21-2 || =3.0.22-1 || =3.0.22-2 || =3.0.22-2.1 || =3.0.22-2.1~exp1 || =3.0.22-3 || =3.0.24-1 || =3.0.24-1+hurd.1 || =3.0.24-2 || =3.0.24-3 || =3.0.24-3+hurd.1 || =3.0.24-4 || =3.0.24-5 || =3.0.24-5+hurd.1 || =3.0.24-5+hurd.2 || =3.0.24-6 || =3.0.24-7 || =3.0.24-8 || =3.0.24-9 || =3.0.8-2 || =3.0.8-3 || =3.0.8-4 |
debian 12 | | =3.0.21-1 || =3.0.21-2 || =3.0.22-1 || =3.0.22-2 || =3.0.22-2.1 || =3.0.22-2.1~exp1 || =3.0.22-3 || =3.0.24-1 || =3.0.24-1+hurd.1 || =3.0.24-2 || =3.0.24-3 || =3.0.24-3+hurd.1 || =3.0.24-4 || =3.0.24-5 || =3.0.24-5+hurd.1 || =3.0.24-5+hurd.2 || =3.0.24-6 || =3.0.24-7 || =3.0.24-8 || =3.0.24-9 |
debian 13 | | =3.0.24-5 || =3.0.24-5+hurd.1 || =3.0.24-5+hurd.2 || =3.0.24-6 || =3.0.24-7 || =3.0.24-8 || =3.0.24-9 |
debian 14 | | =3.0.24-5 || =3.0.24-5+hurd.1 || =3.0.24-5+hurd.2 || =3.0.24-6 || =3.0.24-7 || =3.0.24-8 || =3.0.24-9 |
