[Bug 1201179] New: VUL-0: CVE-2021-41688: dcmtk: object in the program is free but its address is still used in other locations
http://bugzilla.opensuse.org/show_bug.cgi?id=1201179

Bug ID: 1201179
Summary: VUL-0: CVE-2021-41688: dcmtk: object in the program is free but its address is still used in other locations
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.4
Hardware: Other
URL: https://smash.suse.de/issue/335775/
OS: Other
Status: NEW
Severity: Minor
Priority: P5 - None
Component: Basesystem
Assignee: screening-team-bugs@suse.de
Reporter: abergmann@suse.com
QA Contact: security-team@suse.de
Found By: Security Response Team
Blocker: ---

CVE-2021-41688

DCMTK through 3.6.6 does not handle memory free properly. The object in the program is free but its address is still used in other locations. Sending specific requests to the dcmqrdb program will incur a double free. An attacker can use it to launch a DoS attack.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41688
https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85...
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41688
https://github.com/DCMTK/dcmtk

--
You are receiving this mail because:
You are on the CC list for the bug.