Debian Patches
Status for gdcm/3.0.24-11
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| rename-pdf.patch | rename pdf based on major version | Gert Wollny <gw.fossdev@gmail.com> | no | 2020-08-08 | ||
| 02_fixhurd.patch | Fix compilation on GNU/Hurd According to explanation from: http://www.gnu.org/software/hurd/hurd/porting/guidelines.html#GNU_specific_define_tt_ |
Mathieu Malaterre <malat@debian.org> | no | 2024-09-14 | ||
| 03_linkvtkdoc.patch | Correct use of scripts from vtk7-doc In vtk7-doc these scripts are installed uncompressed. In addition the patch changes the vtk doxygen source directory and incorporates an patch to link to the VTK doc and replace PNG by SVG, Merged to one patch because they overlap partially. |
"Mathieu Malaterre" <malat@debian.org> | no | 2024-09-14 | ||
| 04_multiarch.patch | fix relative links now that gdcm is multi-arched | Mathieu Malaterre <malat@debian.org> | no | debian | 2024-09-14 | |
| dircos_rev.patch | Revert gdcmDirectionCosines destructor change | Gianfranco Costamagna <locutusofborg@debian.org> | no | debian | upstream | 2023-12-07 |
| de650849a1f294dda8401e2925c40daec51d0d3b.patch | include(GNUInstallDirs) in CMakeLists.txt While updating the Debian/Ubuntu package, I encountered a configure error with vtkgdcmpython.h not being given an installation destination due to CMAKE_INSTALL_INCLUDEDIR not being set. This is solved by adding "include(GNUInstallDirs)" in CMakeLists.txt. I picked up line 190 but I think that other lines will do just as fine. I've attached the corresponding patch. |
Adrien Nader <adrien@notk.org> | no | 2024-06-18 | ||
| 3be6c2fa0945c91889bcf06e8c20e88f69692dd5.patch | Problem compiling with VTK 9.3.0 support With the following patch I succeded to build against VTK 9.3.0 Fixes #552 |
Nicklas Larsson <n_larsson@yahoo.com> | no | 2024-06-18 | ||
| cxx-standard-20.patch | set CXX standard to 20, following poppler's change[1] 1. https://gitlab.freedesktop.org/poppler/poppler/-/commit/d8ae3ba#9a2aa4db38d3115ed60da621e012c0efc0172aae |
Andreas Hasenack <andreas.hasenack@canonical.com> | yes | upstream | 2024-06-24 | |
| 05_vtk95.patch | VTK 9.5 compat fix: use .c_str() instead of deprecated vtkStdString cast | Dominique Belhachemi <domibel@debian.org> | no | 2025-10-06 | ||
| 06_doxygen.patch | Overlong enum table removed due to LaTeX memory constraints | Andreas Tille <tille@debian.org> | no | debian | 2025-12-04 | |
| CVE-2025-11266.patch | An out-of-bounds read vulnerability exists in the Grassroots DICOM library (GDCM), specifically within the SequenceOfFragments::ReadValue method. The issue is triggered during parsing of a malformed DICOM file containing encapsulated PixelData fragments (compressed image data stored as multiple fragments). | Mathieu Malaterre <mathieu.malaterre@gmail.com> | no | debian | https://github.com/malaterre/GDCM/commit/5829c95c8ac3afa9a3a3413675e948959c28a789 | 2025-09-26 |
| fix-GooString-use-std-string-size.patch | fix(GooString): use std::string::size Required for poppler rebase to 26.01.0 |
"Ankur Sinha (Ankur Sinha Gmail)" <sanjay.ankur@gmail.com> | yes | 2026-01-21 | ||
| CVE-2025-52582.patch | Fix bug #512: Crash when reading corrupted Jpeg2000 files Prevent overlay extraction in case of malformed overlay or image information. Add warning to prevent user |
pleduff <pierre.ldff@gmail.com> | no | debian | https://github.com/malaterre/GDCM/commit/14825ceb1cb6855f32e726ee5cd2968e3051da2a | 2020-11-09 |
| CVE-2025-53618_CVE-2025-53619.patch | Add a frame size check to ensure that the provided data corresponds to the buffer size | pierre <pierre@intradys.com> | no | debian | https://github.com/malaterre/GDCM/commit/f0e359c87947326c7fb2f7b91ecbe351e9d8c683 | 2026-01-08 |
| CVE-2025-48429.patch | Refactor the RLE header to ensure it conforms to the DICOM standard. | pierre <pierre@intradys.com> | no | debian | https://github.com/malaterre/GDCM/commit/0393310f8bb27c3bec8b67c6bfb18f71f6a15bb8 | 2026-01-08 |
| CVE-2026-3650.patch | Fix CVE-2026-3650: reject Value Length exceeding stream size A crafted DICOM file could specify an arbitrarily large Value Length field (up to ~4 GB), causing ByteValue::SetLength() to attempt a massive memory allocation before any stream data is read. This enables denial-of-service via memory exhaustion. Add stream-size validation in ExplicitDataElement::ReadValue(), ImplicitDataElement::ReadValue(), Fragment::ReadValue(), and Fragment::ReadBacktrack(). Before allocating a ByteValue, the code now compares the declared VL against the remaining bytes in the stream via tellg()/seekg(). Non-seekable streams skip the check gracefully. Also fix out-of-bounds array accesses in SequenceOfFragments where bv->GetLength() - N was used without verifying minimum length, affecting lines that use gdcmAssertAlwaysMacro (active in release). Add TestCVE20263650 covering Explicit VR, Implicit VR, and Fragment code paths with a 1 GB VL on a ~20-byte stream. |
Matt McCormick <matt@fideus.io> | no | debian | backport, https://github.com/malaterre/GDCM/commit/9d65a217c958968a74c14b10388d03ca61953a74 | 2026-04-15 |