[Bug 1223324] New: VUL-0: CVE-2024-28130: dcmtk: incorrect type conversion in the DVPSSoftcopyVOI_PList:createFromImage functionality of OFFIS DCMTK
https://bugzilla.suse.com/show_bug.cgi?id=1223324 Bug ID: 1223324 Summary: VUL-0: CVE-2024-28130: dcmtk: incorrect type conversion in the DVPSSoftcopyVOI_PList:createFromImage functionality of OFFIS DCMTK Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.6 Hardware: Other URL: https://smash.suse.de/issue/402934/ OS: Other Status: NEW Severity: Major Priority: P5 - None Component: KDE Applications Assignee: christophe@krop.fr Reporter: smash_bz@suse.de QA Contact: security-team@suse.de CC: camila.matos@suse.com Target Milestone: --- Found By: Security Response Team Blocker: --- An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-28130 https://www.cve.org/CVERecord?id=CVE-2024-28130 https://talosintelligence.com/vulnerability_reports/TALOS-2024-1957 -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1223324 https://bugzilla.suse.com/show_bug.cgi?id=1223324#c1 --- Comment #1 from Camila Camargo de Matos <camila.matos@suse.com> --- Possible fix: https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=601b227eecaab33a3a3a11dc256d84... -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1223324 Maintenance Automation <maint-coord+maintenance-robot@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1223324 https://bugzilla.suse.com/show_bug.cgi?id=1223324#c4 --- Comment #4 from Marcus Meissner <meissner@suse.com> --- openSUSE-SU-2024:0113-1: An update that solves one vulnerability and has one errata is now available. Category: security (important) Bug References: 1220809,1223324 CVE References: CVE-2024-28130 JIRA References: Sources used: openSUSE Backports SLE-15-SP5 (src): dcmtk-3.6.8-bp155.3.3.1 -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1223324 https://bugzilla.suse.com/show_bug.cgi?id=1223324#c5 Christophe Marin <christophe@krop.fr> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|christophe@krop.fr |security-team@suse.de --- Comment #5 from Christophe Marin <christophe@krop.fr> --- Done, reassign to secteam -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com