ELA-1118-1 dcmtk security update

multiple vulnerabilities

2024-06-30
Package: dcmtk
Version: 3.6.1~20160216-4+deb10u1 (stretch)
Related CVEs: CVE-2019-1010228 CVE-2021-41687 CVE-2021-41688 CVE-2021-41689 CVE-2021-41690 CVE-2022-2121 CVE-2022-43272 CVE-2024-28130 CVE-2024-34508 CVE-2024-34509


Multiple vulnerabilities have been fixed in DCMTK, a collection of libraries and applications implementing large parts of the DICOM standard for medical images.

CVE-2019-1010228

Buffer overflow in DcmRLEDecoder::decompress()

CVE-2021-41687

Incorrect freeing of memory

CVE-2021-41688

Incorrect freeing of memory

CVE-2021-41689

NULL pointer dereference

CVE-2021-41690

Incorrect freeing of memory

CVE-2022-2121

NULL pointer dereference

CVE-2022-43272

Memory leak in single process mode

CVE-2024-28130

Segmentation faults due to incorrect typecast

CVE-2024-34508

Segmentation fault via invalid DIMSE message

CVE-2024-34509

Segmentation fault via invalid DIMSE message


For Debian 9 stretch, these problems have been fixed in version 3.6.1~20160216-4+deb10u1.

We recommend that you upgrade your dcmtk packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.