SUSE Package Hub - openSUSE-2023-108

Update Info

openSUSE-2023-108

Security update for dcmtk

Type: security

Severity: moderate

Issued: 2023-05-15

Description:

This update for dcmtk fixes the following issues:

- CVE-2022-43272: Fixed memory leak via the T_ASC_Association object (boo#1206070)

- Update to 3.6.7 (boo#1208639, boo#1208638, boo#1208637,
  CVE-2022-2121, CVE-2022-2120, CVE-2022-2119)
  - CVE-2022-2121: Fixed possible DoS via NULL pointer dereference
  - CVE-2022-2120: Fixed relative path traversal vulnerability
  - CVE-2022-2119: Fixed path traversal vulnerability

  See DOCS/CHANGES.367 for the full list of changes

  * Updated code definitions for DICOM 2022b
  * Fixed possible NULL pointer dereference

References

CVE: CVE-2022-43272
CVE: CVE-2022-2121
CVE: CVE-2022-2120
CVE: CVE-2022-2119
Bugzilla: 1208639 VUL-0: CVE-2022-2121: dcmtk: possible DoS via NULL pointer dereference
Bugzilla: 1208638 VUL-0: CVE-2022-2120: dcmtk: relative path traversal vulnerability
Bugzilla: 1208637 VUL-0: CVE-2022-2119: dcmtk: path traversal vulnerability
Bugzilla: 1206070 VUL-0: CVE-2022-43272: dcmtk: memory leak via the T_ASC_Association object.

Packages

dcmtk-3.6.7-bp154.2.3.1