Advisories » MGASA-2025-0265

Updated dcmtk packages fix security vulnerabilities

Publication date: 07 Nov 2025
Modification date: 07 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-9732

Description

A vulnerability was identified in DCMTK up to 3.6.9. This affects an
unknown function in the library
dcmimage/include/dcmtk/dcmimage/diybrpxt.h of the component dcm2img.
Such manipulation leads to memory corruption. Local access is required
to approach this attack. The name of the patch is 7ad81d69b. It is best
practice to apply a patch to resolve this issue.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=34718
• https://lists.debian.org/debian-lts-announce/2025/11/msg00006.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9732

SRPMS

9/core

• dcmtk-3.6.7-4.6.mga9