Fedora 44 python-pydicom Critical Path Traversal CVE-2026-32711 Advisory
fedora
April 25, 2026
Patch release for security advisory CVE-2026-32711
Summary
pydicom is a pure python package for working with DICOM files. It was made for
inspecting and modifying DICOM data in an easy "pythonic" way. The
modifications can be written again to a new file.
pydicom is not a DICOM server, and is not primarily about viewing images. It is
designed to let you manipulate data elements in DICOM files with python code.
Limitations -- the main limitation of the current version is that compressed
pixel data (e.g. JPEG) cannot be altered in an intelligent way as it can for
uncompressed pixels. Files can always be read and saved, but compressed pixel
data cannot easily be modified.
Documentation is available at https://pydicom.github.io/pydicom
Update Information:
Patch release for security advisory CVE-2026-32711. A crafted DICOMDIR could create a path traversal by setting ReferencedFileID to a path outside the File-set root.
Topics Covered
Change Log
* Tue Mar 31 2026 Packit
References
[ 1 ] Bug #2449267 - python-pydicom-3.0.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449267
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-9eecdef4e0' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Name: python-pydicom
Product: Fedora 44
Version: 3.0.2
Release: 1.fc44
Summary: Read, modify and write DICOM files with python code
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!