1223400 – (CVE-2024-22391) VUL-0: CVE-2024-22391: gdcm: heap-based buffer overflow in the LookupTable:SetLUT functionality

Bug 1223400 (CVE-2024-22391) - VUL-0: CVE-2024-22391: gdcm: heap-based buffer overflow in the LookupTable:SetLUT functionality

Summary: VUL-0: CVE-2024-22391: gdcm: heap-based buffer overflow in the LookupTable:Se...

Status:	RESOLVED FIXED

Alias:	CVE-2024-22391

Product:	openSUSE Distribution
Classification:	openSUSE
Component:	Other (show other bugs)
Version:	Leap 15.6
Hardware:	Other Other

Priority:	P3 - Medium Severity: Major (vote)
Target Milestone:	---
Assignee:	Axel Braun
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/403163/
Whiteboard:	CVSSv3.1:SUSE:CVE-2024-22391:7.7:(AV:...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2024-04-25 16:45 UTC by SMASH SMASH
Modified:	2024-06-14 16:53 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description SMASH SMASH 2024-04-25 16:45:42 UTC

A heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-22391
https://www.cve.org/CVERecord?id=CVE-2024-22391
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1924
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1924

Comment 3 Axel Braun 2024-05-14 08:38:16 UTC

3.0.24 should fix this: https://build.opensuse.org/request/show/1173919

Comment 4 Axel Braun 2024-06-14 16:53:56 UTC

3.0.34 is in Factory an mr to LP155, 156