Fedora 40 : gdcm (2024-fae33e6e9f)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-fae33e6e9f advisory. Security fixes - TALOS-2024-1924, CVE-2024-22391: heap overflow - TALOS-2024-1935, CVE-2024-22373: out-of-bounds write - TALOS-2024-1944,...

Fedora 38 : gdcm (2024-7a57842ec3)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-7a57842ec3 advisory. Security fixes - TALOS-2024-1924, CVE-2024-22391: heap overflow - TALOS-2024-1935, CVE-2024-22373: out-of-bounds write - TALOS-2024-1944,...

Fedora 39 : gdcm (2024-11821b16ac)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-11821b16ac advisory. Security fixes - TALOS-2024-1924, CVE-2024-22391: heap overflow - TALOS-2024-1935, CVE-2024-22373: out-of-bounds write - TALOS-2024-1944,...

CVE-2024-25569

An out-of-bounds read vulnerability exists in the RAWCodec::DecodeBytes functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to an out-of-bounds read. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2024-22391

A heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2024-22373

An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2024-22373

An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2024-22373

The CVE-2024-22373 vulnerability affects Grassroot DICOM 3.0.23 (Mathieu Malaterre) and is caused by an out-of-bounds write in JPEG2000Codec::DecodeByStreamsCommon, leading to a heap buffer overflow when processing a crafted DICOM file. Exploitation would be via a malicious file and could impact ...

CVE-2024-22391

A heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2024-22373

An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2024-22391

A heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2024-25569

An out-of-bounds read vulnerability exists in the RAWCodec::DecodeBytes functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to an out-of-bounds read. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2024-25569

CVE-2024-25569 affects Grassroots DiCoM (GDCM) 3.0.23. The RAWCodec::DecodeBytes path allows an attacker to supply a crafted DICOM file that can trigger an out-of-bounds read. Affected product/version: Grassroots DICOM 3.0.23 (GDCM). Impact, per sources: out-of-bounds read potentially enabling in...

CVE-2024-25569

An out-of-bounds read vulnerability exists in the RAWCodec::DecodeBytes functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to an out-of-bounds read. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2024-25569

An out-of-bounds read vulnerability exists in the RAWCodec::DecodeBytes functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to an out-of-bounds read. An attacker can provide a malicious file to trigger this vulnerability...

Grassroot DICOM JPEG2000Codec::DecodeByStreamsCommon out-of-bounds write vulnerability

Talos Vulnerability Report TALOS-2024-1935 Grassroot DICOM JPEG2000Codec::DecodeByStreamsCommon out-of-bounds write vulnerability April 25, 2024 CVE Number CVE-2024-22373 SUMMARY An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu...