UbuntuUpdates.org

Package "dcmtk-doc"

Name: dcmtk-doc

Description:

OFFIS DICOM toolkit documentation

Latest version: 3.6.4-2.1ubuntu0.1
Release: focal (20.04)
Level: security
Repository: universe
Head package: dcmtk
Homepage: http://dicom.offis.de/dcmtk


Other versions of "dcmtk-doc" in Focal

Repository Area Version
base universe 3.6.4-2.1build2
updates universe 3.6.4-2.1ubuntu0.1

Changelog

Version: 3.6.4-2.1ubuntu0.1 2024-09-17 10:06:50 UTC

  dcmtk (3.6.4-2.1ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Denial of Service
    - debian/patches/CVE-2021-41687.patch: fixed null pointer
      dereferences discovered in the code (CVE-2021-41687, CVE-2021-41688,
      and CVE-2021-41690)
    - debian/patches/CVE-2021-41689.patch: fixed a buffer overflow
      in DU_getStringDOElement function.
    - debian/patches/CVE-2022-2121.patch: fixed a null pointer dereference
    - debian/patches/CVE-2022-43272.patch: fixed a memory leak in
      DcmQueryRetrieveSCP::waitForAssociation function.
    - debian/patches/CVE-2024-28130-1.patch: fixed unchecked typecasts of
      DcmItem::search results.
    - debian/patches/CVE-2024-28130-2.patch: fixed unchecked typecasts and
      fixed LUT handling.
    - debian/patches/CVE-2024-28130-3.patch: fixed wrong error handling
      introduced with the previous patch.
    - debian/patches/CVE-2024-34508,CVE-2024-34509.patch: fixed two
      segmentation faults
    - CVE-2021-41687
    - CVE-2021-41688
    - CVE-2021-41689
    - CVE-2021-41690
    - CVE-2022-2121
    - CVE-2022-43272
    - CVE-2024-28130
    - CVE-2024-34508
    - CVE-2024-34509

 -- Shishir Subedi <email address hidden> Tue, 03 Sep 2024 11:47:56 +0545

CVE-2021-41687 DCMTK through 3.6.6 does not handle memory free properly. The program malloc a heap memory for parsing data, but does not free it when error in parsi
CVE-2021-41688 DCMTK through 3.6.6 does not handle memory free properly. The object in the program is free but its address is still used in other locations. Sending
CVE-2021-41690 DCMTK through 3.6.6 does not handle memory free properly. The malloced memory for storing all file information are recorded in a global variable LST
CVE-2021-41689 DCMTK through 3.6.6 does not handle string copy properly. Sending specific requests to the dcmqrdb program, it would query its database and copy the
CVE-2022-2121 OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-o
CVE-2022-43272 DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object.
CVE-2024-28130 An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially craft
CVE-2024-34508 dcmnet in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.
CVE-2024-34509 dcmdata in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.


