Advisories » MGASA-2025-0017

Updated dcmtk packages fix security vulnerabilities

Publication date: 20 Jan 2025
Modification date: 20 Jan 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-47796 , CVE-2024-52333

Description

An improper array index validation vulnerability exists in the nowindow
functionality of OFFIS.  A specially crafted DICOM file can lead to an
out-of-bounds write. An attacker can provide a malicious file to trigger
this vulnerability, CVE-2024-47796.
An improper array index validation vulnerability exists in the
determineMinMax functionality of OFFIS. A specially crafted DICOM file
can lead to an out-of-bounds write. An attacker can provide a malicious
file to trigger this vulnerability, CVE-2024-52333.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33930
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/JUKUCNFPV6HQLIZ5S6NYRJ4LAZYRZSXJ/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47796
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52333

SRPMS

9/core

• dcmtk-3.6.7-4.3.mga9