Advisories ยป MGASA-2025-0076

Updated dcmtk packages fix security vulnerabilities

Publication date: 25 Feb 2025
Modification date: 25 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-25472 , CVE-2025-25474 , CVE-2025-25475

Description

A buffer overflow in DCMTK allows attackers to cause a Denial of Service
(DoS) via a crafted DCM file (CVE-2025-25472).
DCMTK was discovered to contain a buffer overflow via the component
/dcmimgle/diinpxt.h (CVE-2025-25474).
A NULL pointer dereference in the component /libsrc/dcrleccd.cc of DCMTK
allows attackers to cause a Denial of Service (DoS) via a crafted DICOM
file (CVE-2025-25475).
                

References

SRPMS

9/core