Source: dcmtk
Version: 3.6.7-13
Severity: important
Tags: security upstream
Forwarded: https://support.dcmtk.org/redmine/issues/1120
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 3.6.7-9
Control: found -1 3.6.7-8

Hi,

The following vulnerability was published for dcmtk.

CVE-2024-28130[0]:
| An incorrect type conversion vulnerability exists in the
| DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK
| 3.6.8. A specially crafted malformed file can lead to arbitrary code
| execution. An attacker can provide a malicious file to trigger this
| vulnerability.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-28130
    https://www.cve.org/CVERecord?id=CVE-2024-28130
[1] https://support.dcmtk.org/redmine/issues/1120
[2] https://talosintelligence.com/vulnerability_reports/TALOS-2024-1957
[3] https://github.com/DCMTK/dcmtk/commit/601b227eecaab33a3a3a11dc256d84b1a62f63af
    https://github.com/DCMTK/dcmtk/commit/7d54f8efec995e5601d089fa17b0625c2b41af23

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore