Debian Patches
Status for dcmtk/3.6.9-4
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 01_dcmtk_3.6.0-1.patch | The original maintainer Jürgen Salk applied a set of patches to the original code. This file contains changes to C++ code. | Jürgen Salk <jsa@debian.org> | not-needed | | | |
| 07_dont_export_all_executables.patch | Don't add executables to cmake exports. CMake exports are used by other packages that compile and link against dcmtk. Because Debian moves some of these executables and also doesn't install the test executables, this import may fail, leading to failure to configure the corresponding package. | Gert Wollny <gw.fossdev@gmail.com> | not-needed | | debian | |
| remove_version.patch | Remove version. | Mathieu Malaterre <malat@debian.org> | not-needed | | | 2023-11-06 |
| 0007-CVE-2024-47796.patch | Fixed issue rendering invalid monochrome image. Fixed issue when rendering an invalid monochrome DICOM image where the number of pixels stored does not match the expected number of pixels. If the stored number is less than the expected number, the rest of the pixel matrix for the intermediate representation was always filled with the value 0. Under certain, very rare conditions, this could result in memory problems reported by an Address Sanitizer (ASAN). Now, the rest of the matrix is filled with the smallest possible value for the image. Thanks to Emmanuel Tacheau from the Cisco Talos team <vulndiscovery@external.cisco.com> for the original report, the sample file (PoC) and further details. See TALOS-2024-2122 and CVE-2024-47796. | Joerg Riesmeier <dicom@jriesmeier.com> | yes | | debian | 2025-01-18 |
| 0008-CVE-2024-52333.patch | Added check to make sure: HighBit < BitsAllocated. Added check to the image preprocessing to make sure that the value of HighBit is always less than the value of BitsAllocated. Before, this missing check could lead to memory corruption if an invalid combination of values was retrieved from a malformed DICOM dataset. Thanks to Emmanuel Tacheau from the Cisco Talos team <vulndiscovery@external.cisco.com> for the report, sample file (PoC) and detailed analysis. See TALOS-2024-2121 and CVE-2024-52333. | Joerg Riesmeier <dicom@jriesmeier.com> | yes | | debian | 2025-01-18 |
| 0009-CVE-2025-25475.patch | commit bffa3e9116abb7038b432443f16b1bd390e80245. Fixed issue with invalid RLE compressed DICOM images. Fixed issue when processing an RLE compressed image where the RLE header contains an invalid stripe size. Thanks to Ding zhengzheng <xiaozheng.ding399@gmail.com> for the report and the sample file (PoC). | Marco Eichelberg <eichelberg@offis.de> | no | | | 2025-01-23 |
| 0010-CVE-2025-25474.patch | commit 1d205bcd307164c99e0d4bbf412110372658d847. Fixed another issue with invalid DICOM images. Fixed issue when processing an invalid DICOM image where the number of pixels stored does not match the expected number of pixels (too few) and the combination of BitsAllocated and BitsStored is really unusual (e.g. 1 bit stored, but 52 bits allocated). In cases where the last pixel (e.g. a single bit) does not fit into the buffer of the input pixel data, a buffer overflow occurred on the heap. Now, the last entry of the buffer is filled with the smallest possible value (e.g. 0 in case of unsigned data). Thanks to Ding zhengzheng <xiaozheng.ding399@gmail.com> for the report and the sample file (PoC). | Joerg Riesmeier <dicom@jriesmeier.com> | no | | | 2025-01-21 |
| 0011-CVE-2025-25472.patch | commit 410ffe2019b9db6a8f4036daac742a6f5e4d36c2. Fixed another issue with invalid mono images. Fixed issue when rendering an invalid monochrome DICOM image where the number of pixels stored does not match the expected number of pixels. In this case, only a single pixel is processed, but the pixel matrix is much larger. Filling the rest of the pixel matrix with the smallest possible value for the image is not working because of an optimized memory usage (value would be out of range). Now, the pixel value to be used is double-checked before it is actually filled into the "background" of the image. Thanks to Ding zhengzheng <xiaozheng.ding399@gmail.com> for the report and the sample file (PoC). | Joerg Riesmeier <dicom@jriesmeier.com> | no | | | 2025-01-17 |
All known versions for source package 'dcmtk'
- 3.6.9-4 (sid, trixie)
- 3.6.7-9~deb12u2 (bookworm-proposed-updates)
- 3.6.7-9~deb12u1 (bookworm)
- 3.6.7-6~bpo11+1 (bullseye-backports)
- 3.6.5-1+deb11u3 (bullseye-security)
- 3.6.5-1 (bullseye)