Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 38: FEDORA-2024-7a57842ec3 Critical: GDCM Issues

fedora
Calendar Grey May 5, 2024
Dist Fedora Esm H88
Fedora 38 security advisories detail critical vulnerabilities in the GDCM library, including heap overflow and out-of-bounds access affecting application integrity
Security fixes TALOS-2024-1924, CVE-2024-22391: heap overflow TALOS-2024-1935, CVE-2024-22373: out-of-bounds write TALOS-2024-1944, CVE-2024-25569: out-of-bounds read Bug fixes

Summary

Grassroots DiCoM (GDCM) is a C++ library for DICOM medical files.

It supports ACR-NEMA version 1 and 2 (huffman compression is not supported),

RAW, JPEG, JPEG 2000, JPEG-LS, RLE and deflated transfer syntax.

It comes with a super fast scanner implementation to quickly scan hundreds of

DICOM files. It supports SCU network operations (C-ECHO, C-FIND, C-STORE,

C-MOVE). PS 3.3 & 3.6 are distributed as XML files.

It also provides PS 3.15 certificates and password based mechanism to

anonymize and de-identify DICOM datasets.

Update Information:

Security fixes TALOS-2024-1924, CVE-2024-22391: heap overflow TALOS-2024-1935, CVE-2024-22373: out-of-bounds write TALOS-2024-1944, CVE-2024-25569: out-of-bounds read Bug fixes Replace deprecated PyEval_CallObject for compatibility with Python 3.13

Topics%20covered

Topics Covered

security advisory fedora critical threat heap overflow out-of-bounds read out-of-bounds write gdcm

Change Log

* Fri Apr 26 2024 Sandro - 3.0.21-3 - Apply security patches - Fix TALOS-2024-1924, CVE-2024-22391 (RHBZ#2277288) - Fix TALOS-2024-1935, CVE-2024-22373 (RHBZ#2277292) - Fix TALOS-2024-1944, CVE-2024-25569 (RHBZ#2277296) * Fri Apr 26 2024 Sandro - 3.0.21-2 - Replace deprecated PyEval_CallObject() (RHBZ#2245816) * Fri Apr 26 2024 Sandro - 3.0.21-1 - Revert "Update to 3.0.22" * Fri Apr 26 2024 Sandro - 3.0.22-1 - Revert "Update to 3.0.23" * Wed Mar 6 2024 Sandro - 3.0.23-2 - Migrate to SPDX license * Wed Mar 6 2024 Sandro - 3.0.23-1 - Update to 3.0.23 (RHBZ#2257639) - Drop `157.patch` (merged upstream) - Bump soname * Wed Mar 6 2024 Orion Poplawski - 3.0.22-1 - Update to 3.0.22

References


[ 1 ] Bug #2277284 - CVE-2024-22391 gdcm: crafted malformed file can lead to memory corruption due to heap overflow https://bugzilla.redhat.com/show_bug.cgi?id=2277284 [ 2 ] Bug #2277289 - CVE-2024-22373 gdcm: out-of-bounds write vulnerability lead to a heap buffer overflow https://bugzilla.redhat.com/show_bug.cgi?id=2277289 [ 3 ] Bug #2277293 - CVE-2024-25569 gdcm: out-of-bounds read vulnerability in the RAWCodec::DecodeBytes https://bugzilla.redhat.com/show_bug.cgi?id=2277293

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-7a57842ec3' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: gdcm
Product: Fedora 38
Version: 3.0.21
Release: 4.fc38
URL: Summary : Grassroots DiCoM is a C++ library to parse DICOM medical files

Topics%20covered

Topics Covered

security advisory fedora critical threat heap overflow out-of-bounds read out-of-bounds write gdcm

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here