Mageia Advisory: MGASA-2024-0251 - Updated dcmtk packages fix security vulnerabilities

Updated dcmtk packages fix security vulnerabilities

Publication date: 03 Jul 2024
Modification date: 03 Jul 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-28130 , CVE-2024-34508 , CVE-2024-34509

Description

Multiple vulnerabilities have benn fixed in DCMTK, a collection of
libraries and applications implementing large parts the DICOM standard
for medical images.
CVE-2021-41687
    Incorrect freeing of memory
CVE-2021-41688
    Incorrect freeing of memory
CVE-2021-41689
    NULL pointer dereference
CVE-2021-41690
    Incorrect freeing of memory
CVE-2022-2121
    NULL pointer dereference
CVE-2022-43272
    Memory leak in single process mode
CVE-2024-28130
    Segmentation faults due to incorrect typecast
CVE-2024-34508
    Segmentation fault via invalid DIMSE message
CVE-2024-34509
    Segmentation fault via invalid DIMSE message

References

https://bugs.mageia.org/show_bug.cgi?id=33350
https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28130
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34508
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34509

SRPMS

9/core

dcmtk-3.6.7-4.1.mga9

Advisories » MGASA-2024-0251

Updated dcmtk packages fix security vulnerabilities

Description

References

SRPMS

9/core