UbuntuUpdates.org

Package "dcmtk-doc"

Name: dcmtk-doc

Description:

OFFIS DICOM toolkit documentation
Latest version: 3.6.4-2.1ubuntu0.2
Release: focal (20.04)
Level: updates
Repository: universe
Head package: dcmtk
Homepage: http://dicom.offis.de/dcmtk

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "dcmtk-doc"

All arch deb package
APT INSTALL

Other versions of "dcmtk-doc" in Focal

Repository Area Version
base universe 3.6.4-2.1build2
security universe 3.6.4-2.1ubuntu0.2

Changelog

Version: 3.6.4-2.1ubuntu0.2 2025-07-08 12:07:13 UTC

  dcmtk (3.6.4-2.1ubuntu0.2) focal-security; urgency=medium

  [ Matthew Ruffell <email address hidden> ]
  * SECURITY REGRESSION: Fix segmentation fault introduced by
    CVE-2021-41687 merging two methods that actually did very
    different things. (LP: #2081100)
    - d/p/CVE-2021-41687-2.patch: Fixed bug introduced in a9697d.

 -- Shishir Subedi <email address hidden> Mon, 07 Jul 2025 16:15:34 +0545
Source diff to previous version
CVE-2021-41687 DCMTK through 3.6.6 does not handle memory free properly. The program malloc a heap memory for parsing data, but does not free it when error in parsi

Version: 3.6.4-2.1ubuntu0.1 2024-09-17 11:06:53 UTC

  dcmtk (3.6.4-2.1ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Denial of Service
    - debian/patches/CVE-2021-41687.patch: fixed null pointer
      dereferences discoverd in the code (CVE-2021-41687, CVE-2021-41688,
      and CVE-2021-41690)
    - debian/patches/CVE-2021-41689.patch: fixed a buffer overflow
      in DU_getStringDOElement function.
    - debian/patches/CVE-2022-2121.patch: fixed a null pointer dereference
    - debian/patches/CVE-2022-43272.patch: fixed a memory leak in
      DcmQueryRetrieveSCP::waitForAssociation function.
    - debian/patches/CVE-2024-28130-1.patch: fixed unchecked typecasts of
      DcmItem::search results.
    - debian/patches/CVE-2024-28130-2.patch: fixed unchecked typecasts and
      fixed LUT handling.
    - debian/patches/CVE-2024-28130-3.patch: fixed wrong error handling
      introduced with the previous patch.
    - debian/patches/CVE-2024-34508,CVE-2024-34509.patch: fixed two
      segmentation faults
    - CVE-2021-41687
    - CVE-2021-41688
    - CVE-2021-41689
    - CVE-2021-41690
    - CVE-2022-2121
    - CVE-2022-43272
    - CVE-2024-28130
    - CVE-2024-34508
    - CVE-2024-34509

 -- Shishir Subedi <email address hidden> Tue, 03 Sep 2024 11:47:56 +0545
CVE-2021-41687 DCMTK through 3.6.6 does not handle memory free properly. The program malloc a heap memory for parsing data, but does not free it when error in parsi
CVE-2021-41688 DCMTK through 3.6.6 does not handle memory free properly. The object in the program is free but its address is still used in other locations. Sending
CVE-2021-41690 DCMTK through 3.6.6 does not handle memory free properly. The malloced memory for storing all file information are recorded in a global variable LST
CVE-2021-41689 DCMTK through 3.6.6 does not handle string copy properly. Sending specific requests to the dcmqrdb program, it would query its database and copy the
CVE-2022-2121 OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-o
CVE-2022-43272 DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object.
CVE-2024-28130 An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially craft
CVE-2024-34508 dcmnet in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.
CVE-2024-34509 dcmdata in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.


About   -   Send Feedback to @ubuntu_updates