Lucene search
K

Debian dla-4652 : gdcm-doc - security update

🗓️ 26 Jun 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 8 Views

Debian 11 gdcm security update fixes multiple CVEs including buffer and out-of-bounds issues.

Related
Refs
Code
#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory dla-4652. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('compat.inc');

if (description)
{
  script_id(323102);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/06/26");

  script_cve_id(
    "CVE-2024-22373",
    "CVE-2024-22391",
    "CVE-2024-25569",
    "CVE-2025-11266",
    "CVE-2025-48429",
    "CVE-2025-52582",
    "CVE-2025-53618",
    "CVE-2025-53619",
    "CVE-2026-3650"
  );

  script_name(english:"Debian dla-4652 : gdcm-doc - security update");

  script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing one or more security-related updates.");
  script_set_attribute(attribute:"description", value:
"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the
dla-4652 advisory.

    -------------------------------------------------------------------------
    Debian LTS Advisory DLA-4652-1                [email protected]
    https://www.debian.org/lts/security/                       Emmanuel Arias
    June 26, 2026                                 https://wiki.debian.org/LTS
    -------------------------------------------------------------------------

    Package        : gdcm
    Version        : 3.0.8-2+deb11u1
    CVE ID         : CVE-2024-22373 CVE-2024-22391 CVE-2024-25569 CVE-2025-11266
                     CVE-2025-48429 CVE-2025-52582 CVE-2025-53618 CVE-2025-53619
                     CVE-2026-3650
    Debian Bug     : 1070387 1122862 1123576 1123587 1123589 1132042

    Multiple vulnerabilities were discovered in gdcm, a C++ library for working
    with DICOM medical files:

    CVE-2024-22373

        An out-of-bounds write vulnerability exists in the
        JPEG2000Codec::DecodeByStreamsCommon functionality. A specially crafted
        DICOM file can lead to a heap buffer overflow. An attacker can provide a
        malicious file to trigger this vulnerability.

    CVE-2024-22391

        A heap-based buffer overflow vulnerability exists in the
        LookupTable::SetLUT functionality. A specially crafted malformed file can
        lead to memory corruption. An attacker can provide a malicious file to
        trigger this vulnerability.

    CVE-2024-25569

        An out-of-bounds read vulnerability exists in the RAWCodec::DecodeBytes
        functionality. A specially crafted DICOM file can lead to an out-of-bounds
        read. An attacker can provide a malicious file to trigger this
        vulnerability.

    CVE-2025-11266

        An out-of-bounds write vulnerability exists in the parsing of a malformed
        DICOM file containing encapsulated PixelData fragments (compressed image
        data stored as multiple fragments). This vulnerability leads to a
        segmentation fault caused by an out-of-bounds memory access due to an
        unsigned integer underflow in buffer indexing. It is exploitable via file
        input: simply opening a crafted malicious DICOM file is sufficient to
        trigger the crash, resulting in a denial-of-service condition.

    CVE-2025-48429

        An out-of-bounds read vulnerability exists in the
        RLECodec::DecodeByStreams functionality. A specially crafted DICOM file
        can lead to leaking heap data. An attacker can provide a malicious file to
        trigger this vulnerability.

    CVE-2025-52582

        An out-of-bounds read vulnerability exists in the
        Overlay::GrabOverlayFromPixelData functionality. A specially crafted DICOM
        file can lead to an information leak. An attacker can provide a malicious
        file to trigger this vulnerability.

    CVE-2025-53618

        An out-of-bounds read vulnerability exists in the
        JPEGBITSCodec::InternalCode functionality. A specially crafted DICOM file
        can lead to an information leak. An attacker can provide a malicious file
        to trigger this vulnerability. The function grayscale_convert is called
        based on the value of the malicious DICOM file specifying the intended
        interpretation of the image pixel data.

    CVE-2025-53619

        An out-of-bounds read vulnerability exists in the
        JPEGBITSCodec::InternalCode functionality. A specially crafted DICOM file
        can lead to an information leak. An attacker can provide a malicious file
        to trigger this vulnerability. The function null_convert is called based
        on the value of the malicious DICOM file specifying the intended
        interpretation of the image pixel data.

    CVE-2026-3650

        A memory leak exists when parsing malformed DICOM files with non-standard
        VR types in file meta information. The vulnerability leads to vast memory
        allocations and resource depletion, triggering a denial-of-service
        condition. A maliciously crafted file can fill the heap in a single read
        operation without properly releasing it.

    For Debian 11 bullseye, these problems have been fixed in version
    3.0.8-2+deb11u1.

    We recommend that you upgrade your gdcm packages.

    For the detailed security status of gdcm please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/gdcm

    Further information about Debian LTS security advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://wiki.debian.org/LTS
    Attachment:
    signature.asc
    Description: PGP signature

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/gdcm");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-22373");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-22391");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-25569");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2025-11266");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2025-48429");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2025-52582");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2025-53618");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2025-53619");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-3650");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/bullseye/gdcm");
  script_set_attribute(attribute:"solution", value:
"Upgrade the gdcm-doc packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:P");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-22391");
  script_set_attribute(attribute:"cvss4_score_source", value:"CVE-2026-3650");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/04/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/06/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/06/26");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gdcm-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgdcm-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgdcm-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgdcm-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgdcm-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgdcm3.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libvtkgdcm-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libvtkgdcm-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libvtkgdcm-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libvtkgdcm-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libvtkgdcm3.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python3-gdcm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python3-vtkgdcm");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:11.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Debian Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

var debian_release = get_kb_item('Host/Debian/release');
if ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');
debian_release = chomp(debian_release);
if (! preg(pattern:"^(11)\.[0-9]+", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + debian_release);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);

var pkgs = [
    {'release': '11.0', 'prefix': 'gdcm-doc', 'reference': '3.0.8-2+deb11u1'},
    {'release': '11.0', 'prefix': 'libgdcm-cil', 'reference': '3.0.8-2+deb11u1'},
    {'release': '11.0', 'prefix': 'libgdcm-dev', 'reference': '3.0.8-2+deb11u1'},
    {'release': '11.0', 'prefix': 'libgdcm-java', 'reference': '3.0.8-2+deb11u1'},
    {'release': '11.0', 'prefix': 'libgdcm-tools', 'reference': '3.0.8-2+deb11u1'},
    {'release': '11.0', 'prefix': 'libgdcm3.0', 'reference': '3.0.8-2+deb11u1'},
    {'release': '11.0', 'prefix': 'libvtkgdcm-cil', 'reference': '3.0.8-2+deb11u1'},
    {'release': '11.0', 'prefix': 'libvtkgdcm-dev', 'reference': '3.0.8-2+deb11u1'},
    {'release': '11.0', 'prefix': 'libvtkgdcm-java', 'reference': '3.0.8-2+deb11u1'},
    {'release': '11.0', 'prefix': 'libvtkgdcm-tools', 'reference': '3.0.8-2+deb11u1'},
    {'release': '11.0', 'prefix': 'libvtkgdcm3.0', 'reference': '3.0.8-2+deb11u1'},
    {'release': '11.0', 'prefix': 'python3-gdcm', 'reference': '3.0.8-2+deb11u1'},
    {'release': '11.0', 'prefix': 'python3-vtkgdcm', 'reference': '3.0.8-2+deb11u1'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var _release = NULL;
  var prefix = NULL;
  var reference = NULL;
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (_release && prefix && reference) {
    if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : deb_report_get()
  );
  exit(0);
}
else
{
  var tested = deb_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gdcm-doc / libgdcm-cil / libgdcm-dev / libgdcm-java / libgdcm-tools / etc');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation