| Source | Link |
|---|---|
| security-tracker | www.security-tracker.debian.org/tracker/source-package/gdcm |
| security-tracker | www.security-tracker.debian.org/tracker/CVE-2024-22373 |
| security-tracker | www.security-tracker.debian.org/tracker/CVE-2024-22391 |
| security-tracker | www.security-tracker.debian.org/tracker/CVE-2024-25569 |
| security-tracker | www.security-tracker.debian.org/tracker/CVE-2025-11266 |
| security-tracker | www.security-tracker.debian.org/tracker/CVE-2025-48429 |
| security-tracker | www.security-tracker.debian.org/tracker/CVE-2025-52582 |
| security-tracker | www.security-tracker.debian.org/tracker/CVE-2025-53618 |
| security-tracker | www.security-tracker.debian.org/tracker/CVE-2025-53619 |
| security-tracker | www.security-tracker.debian.org/tracker/CVE-2026-3650 |
```nasl
#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory dla-4652. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('compat.inc');

if (description)
{
  script_id(323102);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/06/26");

  script_cve_id(
    "CVE-2024-22373",
    "CVE-2024-22391",
    "CVE-2024-25569",
    "CVE-2025-11266",
    "CVE-2025-48429",
    "CVE-2025-52582",
    "CVE-2025-53618",
    "CVE-2025-53619",
    "CVE-2026-3650"
  );

  script_name(english:"Debian dla-4652 : gdcm-doc - security update");

  script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing one or more security-related updates.");
  script_set_attribute(attribute:"description", value:
"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the
dla-4652 advisory.

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4652-1 [email protected]
https://www.debian.org/lts/security/ Emmanuel Arias
June 26, 2026 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : gdcm
Version : 3.0.8-2+deb11u1
CVE ID : CVE-2024-22373 CVE-2024-22391 CVE-2024-25569 CVE-2025-11266
CVE-2025-48429 CVE-2025-52582 CVE-2025-53618 CVE-2025-53619
CVE-2026-3650
Debian Bug : 1070387 1122862 1123576 1123587 1123589 1132042

Multiple vulnerabilities were discovered in gdcm, a C++ library for working
with DICOM medical files:

CVE-2024-22373

An out-of-bounds write vulnerability exists in the
JPEG2000Codec::DecodeByStreamsCommon functionality. A specially crafted
DICOM file can lead to a heap buffer overflow. An attacker can provide a
malicious file to trigger this vulnerability.

CVE-2024-22391

A heap-based buffer overflow vulnerability exists in the
LookupTable::SetLUT functionality. A specially crafted malformed file can
lead to memory corruption. An attacker can provide a malicious file to
trigger this vulnerability.

CVE-2024-25569

An out-of-bounds read vulnerability exists in the RAWCodec::DecodeBytes
functionality. A specially crafted DICOM file can lead to an out-of-bounds
read. An attacker can provide a malicious file to trigger this
vulnerability.

CVE-2025-11266

An out-of-bounds write vulnerability exists in the parsing of a malformed
DICOM file containing encapsulated PixelData fragments (compressed image
data stored as multiple fragments). This vulnerability leads to a
segmentation fault caused by an out-of-bounds memory access due to an
unsigned integer underflow in buffer indexing. It is exploitable via file
input: simply opening a crafted malicious DICOM file is sufficient to
trigger the crash, resulting in a denial-of-service condition.

CVE-2025-48429

An out-of-bounds read vulnerability exists in the
RLECodec::DecodeByStreams functionality. A specially crafted DICOM file
can lead to leaking heap data. An attacker can provide a malicious file to
trigger this vulnerability.

CVE-2025-52582

An out-of-bounds read vulnerability exists in the
Overlay::GrabOverlayFromPixelData functionality. A specially crafted DICOM
file can lead to an information leak. An attacker can provide a malicious
file to trigger this vulnerability.

CVE-2025-53618

An out-of-bounds read vulnerability exists in the
JPEGBITSCodec::InternalCode functionality. A specially crafted DICOM file
can lead to an information leak. An attacker can provide a malicious file
to trigger this vulnerability. The function grayscale_convert is called
based on the value of the malicious DICOM file specifying the intended
interpretation of the image pixel data.

CVE-2025-53619

An out-of-bounds read vulnerability exists in the
JPEGBITSCodec::InternalCode functionality. A specially crafted DICOM file
can lead to an information leak. An attacker can provide a malicious file
to trigger this vulnerability. The function null_convert is called based
on the value of the malicious DICOM file specifying the intended
interpretation of the image pixel data.

CVE-2026-3650

A memory leak exists when parsing malformed DICOM files with non-standard
VR types in file meta information. The vulnerability leads to vast memory
allocations and resource depletion, triggering a denial-of-service
condition. A maliciously crafted file can fill the heap in a single read
operation without properly releasing it.

For Debian 11 bullseye, these problems have been fixed in version
3.0.8-2+deb11u1.

We recommend that you upgrade your gdcm packages.

For the detailed security status of gdcm please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gdcm

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Attachment:
signature.asc
Description: PGP signature

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/gdcm");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-22373");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-22391");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-25569");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2025-11266");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2025-48429");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2025-52582");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2025-53618");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2025-53619");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-3650");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/bullseye/gdcm");
  script_set_attribute(attribute:"solution", value:
"Upgrade the gdcm-doc packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:P");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-22391");
  script_set_attribute(attribute:"cvss4_score_source", value:"CVE-2026-3650");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/04/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/06/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/06/26");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gdcm-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgdcm-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgdcm-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgdcm-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgdcm-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgdcm3.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libvtkgdcm-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libvtkgdcm-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libvtkgdcm-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libvtkgdcm-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libvtkgdcm3.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python3-gdcm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python3-vtkgdcm");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:11.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Debian Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

# A local check needs a package list collected over SSH; bail out otherwise.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Only Debian 11.x is covered by DLA-4652; any other release is out of scope.
var debian_release = get_kb_item('Host/Debian/release');
if ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');
debian_release = chomp(debian_release);

if (! preg(pattern:"^(11)\.[0-9]+", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + debian_release);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);

# Every binary package built from the gdcm source, with the fixed version from the advisory.
var pkgs = [
    {'release': '11.0', 'prefix': 'gdcm-doc', 'reference': '3.0.8-2+deb11u1'},
    {'release': '11.0', 'prefix': 'libgdcm-cil', 'reference': '3.0.8-2+deb11u1'},
    {'release': '11.0', 'prefix': 'libgdcm-dev', 'reference': '3.0.8-2+deb11u1'},
    {'release': '11.0', 'prefix': 'libgdcm-java', 'reference': '3.0.8-2+deb11u1'},
    {'release': '11.0', 'prefix': 'libgdcm-tools', 'reference': '3.0.8-2+deb11u1'},
    {'release': '11.0', 'prefix': 'libgdcm3.0', 'reference': '3.0.8-2+deb11u1'},
    {'release': '11.0', 'prefix': 'libvtkgdcm-cil', 'reference': '3.0.8-2+deb11u1'},
    {'release': '11.0', 'prefix': 'libvtkgdcm-dev', 'reference': '3.0.8-2+deb11u1'},
    {'release': '11.0', 'prefix': 'libvtkgdcm-java', 'reference': '3.0.8-2+deb11u1'},
    {'release': '11.0', 'prefix': 'libvtkgdcm-tools', 'reference': '3.0.8-2+deb11u1'},
    {'release': '11.0', 'prefix': 'libvtkgdcm3.0', 'reference': '3.0.8-2+deb11u1'},
    {'release': '11.0', 'prefix': 'python3-gdcm', 'reference': '3.0.8-2+deb11u1'},
    {'release': '11.0', 'prefix': 'python3-vtkgdcm', 'reference': '3.0.8-2+deb11u1'}
];

# deb_check() compares the installed version of each package against the fixed
# reference version; flag counts how many installed packages are still older.
var flag = 0;
foreach package_array ( pkgs ) {
  var _release = NULL;
  var prefix = NULL;
  var reference = NULL;
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (_release && prefix && reference) {
    if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : deb_report_get()
  );
  exit(0);
}
else
{
  # Distinguish "installed and already patched" from "not installed at all".
  var tested = deb_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gdcm-doc / libgdcm-cil / libgdcm-dev / libgdcm-java / libgdcm-tools / etc');
}
```