SUSE Package Hub - openSUSE-2025-53

Update Info

openSUSE-2025-53

Security update for dcmtk

Type: security

Severity: important

Issued: 2025-02-06

Description:

This update for dcmtk fixes the following issues:

Update to 3.6.9. See DOCS/CHANGES.368 for the full list of changes

Security issues fixed:

- CVE-2024-27628: Fixed buffer overflow via the EctEnhancedCT method (boo#1227235)
- CVE-2024-34508: Fixed a segmentation fault via an invalid DIMSE message (boo#1223925)
- CVE-2024-34509: Fixed segmentation fault via an invalid DIMSE message	(boo#1223943)
- CVE-2024-47796: Fixed out-of-bounds write due to improper array index validation in the nowindow functionality (boo#1235810)
- CVE-2024-52333: Fixed out-of-bounds write due to improper array index validation in the determineMinMax functionality (boo#1235811)

References

CVE: CVE-2024-52333
CVE: CVE-2024-47796
CVE: CVE-2024-34509
CVE: CVE-2024-34508
CVE: CVE-2024-27628
Bugzilla: 1235811 VUL-0: CVE-2024-52333: dcmtk: out-of-bounds write due to improper array index validation in the determineMinMax functionality
Bugzilla: 1235810 VUL-0: CVE-2024-47796: dcmtk: out-of-bounds write due to improper array index validation in the nowindow functionality
Bugzilla: 1227235 VUL-0: CVE-2024-27628: dcmtk: buffer overflow via the EctEnhancedCT method
Bugzilla: 1223943 VUL-0: CVE-2024-34509: dcmtk: segmentation fault via an invalid DIMSE message
Bugzilla: 1223925 VUL-0: CVE-2024-34508: dcmnet in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.

Packages

dcmtk-3.6.9-bp156.4.3.1