Bug 1227235 (CVE-2024-27628)

Summary:	VUL-0: CVE-2024-27628: dcmtk: buffer overflow via the EctEnhancedCT method
Product:	[Novell Products] SUSE Security Incidents	Reporter:	SMASH SMASH <smash_bz>
Component:	Incidents	Assignee:	Security Team bot <security-team>
Status:	RESOLVED FIXED	QA Contact:	Security Team bot <security-team>
Severity:	Normal
Priority:	P3 - Medium	CC:	andrea.mattiazzo, camila.matos
Version:	unspecified
Target Milestone:	---
Hardware:	Other
OS:	Other
URL:	https://smash.suse.de/issue/412392/
Whiteboard:
Found By:	Security Response Team	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---

Description SMASH SMASH 2024-07-01 12:52:29 UTC

Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an attacker to execute arbitrary code via the EctEnhancedCT method component.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-27628
https://www.cve.org/CVERecord?id=CVE-2024-27628
https://github.com/DCMTK/dcmtk/commit/ec52e99e1e33fc39810560421c0833b02da567b3
https://support.dcmtk.org/redmine/issues/1108
https://bugzilla.redhat.com/show_bug.cgi?id=2294757

Comment 2 Christophe Marin 2024-07-01 13:37:51 UTC

The fix for this one was also submitted months ago to all supported openSUSE versions:

Factory: SR#1169995
15.5: SR#1169994
15.6: SR#1169993

Reassign to secteam

Comment 3 Andrea Mattiazzo 2024-07-08 09:35:04 UTC

All done, closing.