Updated dcmtk packages fix security vulnerabilities
Publication date: 25 Feb 2025
Modification date: 25 Feb 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-25472, CVE-2025-25474, CVE-2025-25475
Description
A buffer overflow in DCMTK allows attackers to cause a Denial of Service (DoS) via a crafted DCM file (CVE-2025-25472). DCMTK was discovered to contain a buffer overflow via the component /dcmimgle/diinpxt.h (CVE-2025-25474). A NULL pointer dereference in the component /libsrc/dcrleccd.cc of DCMTK allows attackers to cause a Denial of Service (DoS) via a crafted DICOM file (CVE-2025-25475).
References
- https://bugs.mageia.org/show_bug.cgi?id=34043
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/VEIE5K5WMSCBUU2JDXY5E576NA36I3NC/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25472
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25474
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25475
SRPMS
9/core
- dcmtk-3.6.7-4.4.mga9