Source: gdcm Version: 3.0.24-9 Severity: important Tags: security upstream X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi, The following vulnerability was published for gdcm. CVE-2026-3650[0]: | A memory leak exists in the Grassroots DICOM library (GDCM). The bug | occurs when parsing malformed DICOM files with non-standard VR types | in file meta information. The vulnerability leads to vast memory | allocations and resource depletion, triggering a denial-of-service | condition. A maliciously crafted file can fill the heap in a single | read operation without properly releasing it. Unfortunately the Red Hat bugzilla entry does not contain information on upstream status. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2026-3650 https://www.cve.org/CVERecord?id=CVE-2026-3650 [1] https://bugzilla.redhat.com/show_bug.cgi?id=2451988 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
