
Debian 11 gdcm Critical Buffer Overflow Denial-of-Service DLA-4652-1

Debian LTS
June 26, 2026
Distribution: Debian ESM
Security update for gdcm addresses multiple out-of-bounds vulnerabilities leading to potential buffer overflows and memory corruption.
Multiple vulnerabilities were discovered in gdcm, a C++ library for working with DICOM medical files.

Summary

CVE-2024-22373

An out-of-bounds write vulnerability exists in the
JPEG2000Codec::DecodeByStreamsCommon functionality. A specially crafted
DICOM file can lead to a heap buffer overflow. An attacker can provide a
malicious file to trigger this vulnerability.

CVE-2024-22391

A heap-based buffer overflow vulnerability exists in the
LookupTable::SetLUT functionality. A specially crafted malformed file can
lead to memory corruption. An attacker can provide a malicious file to
trigger this vulnerability.

CVE-2024-25569

An out-of-bounds read vulnerability exists in the RAWCodec::DecodeBytes
functionality. A specially crafted DICOM file can lead to an out-of-bounds
read. An attacker can provide a malicious file to trigger this
vulnerability.

CVE-2025-11266

An out-of-bounds write vulnerability exists in the parsing of a malformed
DICOM file containing encapsulated PixelData fragments (compressed image



Severity: critical

Package: gdcm
Version: 3.0.8-2+deb11u1
CVE ID: CVE-2024-22373 CVE-2024-22391 CVE-2024-25569 CVE-2025-11266
Debian Bug: 1070387 1122862 1123576 1123587 1123589 1132042
