CVE-2021-41690: GitHub - DCMTK/dcmtk: Official DCMTK Github Mirror

DCMTK through 3.6.6 does not free memory properly. The malloced memory for storing all file information is recorded in a global variable LST and is not freed properly. Sending specific requests to the dcmqrdb program can incur a memory leak. An attacker can use it to launch a DoS attack.

DCMTK

This DICOM ToolKit (DCMTK) package consists of source code, documentation and installation instructions for a set of software libraries and applications implementing part of the DICOM/MEDICOM Standard.

DCMTK contains the following sub-packages, each in its own sub-directory:

  • config - configuration utilities for DCMTK
  • dcmdata - a data encoding/decoding library and utility apps
  • dcmect - a library for working with Enhanced CT objects
  • dcmfg - a library for working with functional groups
  • dcmimage - adds support for color images to dcmimgle
  • dcmimgle - an image processing library and utility apps
  • dcmiod - a library for working with information objects and modules
  • dcmjpeg - a compression/decompression library and utility apps
  • dcmjpls - a compression/decompression library and utility apps
  • dcmnet - a networking library and utility apps
  • dcmpmap - a library for working with parametric map objects
  • dcmpstat - a presentation state library and utility apps
  • dcmqrdb - an image database server
  • dcmrt - a radiation therapy library and utility apps
  • dcmseg - a library for working with segmentation objects
  • dcmsign - a digital signature library and utility apps
  • dcmsr - a structured reporting library and utility apps
  • dcmtls - security extensions for the network library
  • dcmtract - a library for working with tractography results
  • dcmwlm - a modality worklist database server
  • oficonv - a character set conversion library
  • oflog - a logging library based on log4cplus
  • ofstd - a library of general purpose classes

Each sub-directory (except config) contains further sub-directories for application source code (apps), library source code (libsrc), library include files (include), configuration data (etc), documentation (docs), sample and support data (data) as well as test programs (tests).

To build and install the DCMTK package see the INSTALL file. For copyright information see the COPYRIGHT file. For information about the history of this software see the HISTORY file. For answers to frequently asked questions please consult the FAQ.

In addition to the API documentation, which is also available online, there is a Wiki system where further information (e.g. HOWTOs) can be found.

If you find bugs or other problems with this software, we would appreciate hearing about them. Please send electronic mail to: bugs/at/dcmtk/dot/org

Please try to describe the problem in detail and if possible give a suggested fix. For general questions on how to compile, install or use the toolkit we recommend the public discussion forum.

Related news

Ubuntu Security Notice USN-7010-1

Ubuntu Security Notice 7010-1 - Jinsheng Ba discovered that DCMTK incorrectly handled certain requests. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS. Sharon Brizinov and Noam Moshe discovered that DCMTK incorrectly handled pointers. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS.

Ubuntu Security Notice USN-5882-1

Ubuntu Security Notice 5882-1 - Gjoko Krstic discovered that DCMTK incorrectly handled buffers. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. Omar Ganiev discovered that DCMTK incorrectly handled buffers. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
