Bugzilla – Bug 1223398
VUL-0: CVE-2024-22373: gdcm: out-of-bounds write in the JPEG2000Codec:DecodeByStreamsCommon functionality
Last modified: 2024-06-18 22:04:51 UTC
An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-22373 https://www.cve.org/CVERecord?id=CVE-2024-22373 https://talosintelligence.com/vulnerability_reports/TALOS-2024-1935 https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1935
3.0.24 should fix this: https://build.opensuse.org/request/show/1173919
3.0.24 is in Factory
3.0.24 is in Factory and mr to Lp155, 156
This is an autogenerated message for OBS integration: This bug (1223398) was mentioned in https://build.opensuse.org/request/show/1180953 Backports:SLE-15-SP5 / gdcm https://build.opensuse.org/request/show/1180954 Backports:SLE-15-SP6 / gdcm
openSUSE-SU-2024:0167-1: An update that fixes one vulnerability is now available. Category: security (important) Bug References: 1223398 CVE References: CVE-2024-22373 JIRA References: Sources used: openSUSE Backports SLE-15-SP5 (src): gdcm-3.0.24-bp155.2.4.1