Debian Patches
Status for dcmtk/3.6.7-9~deb12u2
Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
---|---|---|---|---|---|---|
01_dcmtk_3.6.0-1.patch | The original maintainer Jürgen Salk applied a set of patches to the original code. This file contains changes to C++ code | Jürgen Salk <jsa@debian.org> | no | | | |
03_datadic_install.patch | Install dict to versioned dir | Mathieu Malaterre <malat@debian.org> | no | debian | | |
07_dont_export_all_executables.patch | Don't add executables to cmake exports. CMake exports are used by other packages that compile and link against dcmtk. Because Debian moves some of these executables and also doesn't install the test executables, this import may fail leading to failure to configure the according package. | Gert Wollny <gw.fossdev@gmail.com> | no | debian | | |
f06a867513524664a1b03dfcf812d8b60fdd02cc.patch | [PATCH] Fixed path traversal vulnerability. Thanks to Sharon Brizinov <sharon.b@claroty.com> and Noam Moshe from Claroty Research for the bug report and sample files. This closes DCMTK issue #1021. | Marco Eichelberg <dicom@offis.de> | no | | | 2022-05-06 |
c34f4e46e672ad21accf04da0dc085e43be6f5e1.patch | [PATCH] Fixed memory leak in single process mode. Fixed a memory leak in dcmqrscp's single process mode. Thanks to <songxiangpu@mail.sdu.edu.cn> for the bug report and test data. | Marco Eichelberg <dicom@offis.de> | no | | | 2022-06-09 |
0007-CVE-2024-47796.patch | Fixed issue rendering invalid monochrome image. Fixed issue when rendering an invalid monochrome DICOM image where the number of pixels stored does not match the expected number of pixels. If the stored number is less than the expected number, the rest of the pixel matrix for the intermediate representation was always filled with the value 0. Under certain, very rare conditions, this could result in memory problems reported by an Address Sanitizer (ASAN). Now, the rest of the matrix is filled with the smallest possible value for the image. Thanks to Emmanuel Tacheau from the Cisco Talos team <vulndiscovery@external.cisco.com> for the original report, the sample file (PoC) and further details. See TALOS-2024-2122 and CVE-2024-47796. | Joerg Riesmeier <dicom@jriesmeier.com> | yes | debian | | 2025-01-18 |
0008-CVE-2024-52333.patch | Added check to make sure: HighBit < BitsAllocated. Added check to the image preprocessing to make sure that the value of HighBit is always less than the value of BitsAllocated. Before, this missing check could lead to memory corruption if an invalid combination of values was retrieved from a malformed DICOM dataset. Thanks to Emmanuel Tacheau from the Cisco Talos team <vulndiscovery@external.cisco.com> for the report, sample file (PoC) and detailed analysis. See TALOS-2024-2121 and CVE-2024-52333. | Joerg Riesmeier <dicom@jriesmeier.com> | yes | debian | | 2025-01-18 |
0009-CVE-2024-27628.patch | Fixed possible overflows when allocating memory. Thanks to GitHub user "bananabr" (Daniel Berredo) for the report and suggested patch. | Michael Onken <onken@open-connections.de> | yes | debian | | 2025-01-30 |
0010-CVE-2024-34508-34509.patch | Fixed two segmentation faults. Fixed two segmentation faults that could occur while processing an invalid incoming DIMSE message due to insufficient error handling causing a de-referenced NULL pointer. Thanks to Nils Bars <nils.bars@rub.de> for the bug report and sample files. This closes DCMTK issue #1114. | Marco Eichelberg <dicom@offis.de> | yes | upstream | | 2025-02-01 |
0011-CVE-2024-34508-34509_bis.patch | Fixed DcmDecimalString unit tests. | Marco Eichelberg <dicom@offis.de> | no | | | 2025-02-01 |
All known versions for source package 'dcmtk'
- 3.6.9-4 (sid, trixie)
- 3.6.7-9~deb12u2 (bookworm-proposed-updates)
- 3.6.7-9~deb12u1 (bookworm)
- 3.6.7-6~bpo11+1 (bullseye-backports)
- 3.6.5-1+deb11u3 (bullseye-security)
- 3.6.5-1 (bullseye)