Package "libdcmtk-dev"
Name: |
libdcmtk-dev
|
Description: |
OFFIS DICOM toolkit development libraries and headers
|
Latest version: |
3.6.4-2.1ubuntu0.1 |
Release: |
focal (20.04) |
Level: |
updates |
Repository: |
universe |
Head package: |
dcmtk |
Homepage: |
http://dicom.offis.de/dcmtk |
Links
Download "libdcmtk-dev"
Other versions of "libdcmtk-dev" in Focal
Changelog
dcmtk (3.6.4-2.1ubuntu0.1) focal-security; urgency=medium
* SECURITY UPDATE: Denial of Service
- debian/patches/CVE-2021-41687.patch: fixed null pointer
dereferences discoverd in the code (CVE-2021-41687, CVE-2021-41688,
and CVE-2021-41690)
- debian/patches/CVE-2021-41689.patch: fixed a buffer overflow
in DU_getStringDOElement function.
- debian/patches/CVE-2022-2121.patch: fixed a null pointer dereference
- debian/patches/CVE-2022-43272.patch: fixed a memory leak in
DcmQueryRetrieveSCP::waitForAssociation function.
- debian/patches/CVE-2024-28130-1.patch: fixed unchecked typecasts of
DcmItem::search results.
- debian/patches/CVE-2024-28130-2.patch: fixed unchecked typecasts and
fixed LUT handling.
- debian/patches/CVE-2024-28130-3.patch: fixed wrong error handling
introduced with the previous patch.
- debian/patches/CVE-2024-34508,CVE-2024-34509.patch: fixed two
segmentation faults
- CVE-2021-41687
- CVE-2021-41688
- CVE-2021-41689
- CVE-2021-41690
- CVE-2022-2121
- CVE-2022-43272
- CVE-2024-28130
- CVE-2024-34508
- CVE-2024-34509
-- Shishir Subedi <email address hidden> Tue, 03 Sep 2024 11:47:56 +0545
|
CVE-2021-41687 |
DCMTK through 3.6.6 does not handle memory free properly. The program malloc a heap memory for parsing data, but does not free it when error in parsi |
CVE-2021-41688 |
DCMTK through 3.6.6 does not handle memory free properly. The object in the program is free but its address is still used in other locations. Sending |
CVE-2021-41690 |
DCMTK through 3.6.6 does not handle memory free properly. The malloced memory for storing all file information are recorded in a global variable LST |
CVE-2021-41689 |
DCMTK through 3.6.6 does not handle string copy properly. Sending specific requests to the dcmqrdb program, it would query its database and copy the |
CVE-2022-2121 |
OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-o |
CVE-2022-43272 |
DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object. |
CVE-2024-28130 |
An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially craft |
CVE-2024-34508 |
dcmnet in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message. |
CVE-2024-34509 |
dcmdata in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message. |
|
About
-
Send Feedback to @ubuntu_updates