Advisories ยป MGASA-2023-0083

Updated dcmtk packages fix security vulnerability

Publication date: 11 Mar 2023
Modification date: 11 Mar 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2021-41687 , CVE-2021-41688 , CVE-2021-41689 , CVE-2021-41690 , CVE-2022-2119 , CVE-2022-2120 , CVE-2022-2121 , CVE-2022-43272

Description

Gjoko Krstic discovered that DCMTK incorrectly handled buffers. If a user
or an automated system were tricked into opening a certain specially
crafted input file, a remote attacker could possibly use this issue to
cause a denial of service. (CVE-2015-8979)

Omar Ganiev discovered that DCMTK incorrectly handled buffers. If a user
or an automated system were tricked into opening a certain specially
crafted input file, a remote attacker could possibly use this issue to
cause a denial of service. (CVE-2019-1010228)

Jinsheng Ba discovered that DCMTK incorrectly handled certain requests. If
a user or an automated system were tricked into opening a certain
specially crafted input file, a remote attacker could possibly use this
issue to cause a denial of service. (CVE-2021-41687, CVE-2021-41688,
CVE-2021-41689, and CVE-2021-41690)

Sharon Brizinov and Noam Moshe discovered that DCMTK incorrectly handled
certain inputs. If a user or an automated system were tricked into opening
a certain specially crafted input file, a remote attacker could possibly
use this issue to execute arbitrary code. (CVE-2022-2119 and
CVE-2022-2120)

Sharon Brizinov and Noam Moshe discovered that DCMTK incorrectly handled
pointers. If a user or an automated system were tricked into opening a
certain specially crafted input file, a remote attacker could possibly use
this issue to cause a denial of service. (CVE-2022-2121)

It was discovered that DCMTK incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a certain specially
crafted input file, a remote attacker could possibly use this issue to
cause a denial of service. (CVE-2022-43272)
                

References

SRPMS

8/core