Source: dcmtk
Version: 3.6.7-15
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://support.dcmtk.org/redmine/issues/1108
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 3.6.7-9~deb12u1

Hi,

The following vulnerability was published for dcmtk.

CVE-2024-27628[0]:
| Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an attacker to
| execute arbitrary code via the EctEnhancedCT method component.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-27628
    https://www.cve.org/CVERecord?id=CVE-2024-27628
[1] https://support.dcmtk.org/redmine/issues/1108
[2] https://github.com/DCMTK/dcmtk/commit/ec52e99e1e33fc39810560421c0833b02da567b3

Regards,
Salvatore