Debian alert DLA-4363-1 (dcmtk)
From: Markus Koschany <apo@debian.org>
To: debian-lts-announce <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 4363-1] dcmtk security update
Date: Mon, 03 Nov 2025 23:29:31 +0100
Message-ID: <936f819fbc27acc64672edbcb6493198ed144c3e.camel@debian.org>

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4363-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Markus Koschany
November 03, 2025                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : dcmtk
Version        : 3.6.5-1+deb11u5
CVE ID         : CVE-2020-36855 CVE-2022-4981 CVE-2025-9732
Debian Bug     : 1113993

Several vulnerabilities have been fixed in DCMTK, a collection of
libraries and applications implementing large parts of the DICOM standard
for medical images.

CVE-2025-9732

    Processing of an invalid DICOM image with a Photometric Interpretation
    of "YBR_FULL" and a Planar Configuration of "1" where the number of
    pixels stored does not match the expected number of pixels. This may
    lead to memory corruption.

CVE-2022-4981

    Various issues in the dcmqrscp configuration file parser that could
    cause application crashes when reading a malformed configuration file,
    due to insufficient checks of the input data.

CVE-2020-36855

    Stack-based overflow in the dcmqrscp config parser.

For Debian 11 bullseye, these problems have been fixed in version
3.6.5-1+deb11u5.

We recommend that you upgrade your dcmtk packages.

For the detailed security status of dcmtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/dcmtk

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
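The condition behind CVE-2025-9732 (declared image geometry that disagrees with the amount of pixel data stored) can be screened for before a file reaches a decoder. The following is an added example, not part of the advisory and not DCMTK's fix; it assumes uncompressed (native) pixel data and that the header values, named here by their DICOM attribute keywords, were already extracted by your own parser.

```python
# Added example: sanity check of declared image geometry against stored Pixel Data length.
# Keys are DICOM attribute keywords; the values are assumed to come from your own parser.

def expected_pixel_bytes(rows, columns, samples_per_pixel, bits_allocated, frames=1):
    """Length in bytes that uncompressed (native) Pixel Data must have."""
    fields = {"Rows": rows, "Columns": columns, "SamplesPerPixel": samples_per_pixel,
              "BitsAllocated": bits_allocated, "NumberOfFrames": frames}
    for name, value in fields.items():
        if isinstance(value, bool) or not isinstance(value, int) or value <= 0:
            raise ValueError(f"{name} missing or not a positive integer: {value!r}")
    size = (rows * columns * samples_per_pixel * bits_allocated * frames + 7) // 8
    return size + (size & 1)  # DICOM element values are padded to an even length


def check_image(attrs, pixel_data_len):
    """Return a list of findings; an empty list means header and data agree."""
    findings = []
    spp = attrs.get("SamplesPerPixel")
    if attrs.get("PhotometricInterpretation") == "YBR_FULL" and spp != 3:
        findings.append("YBR_FULL requires SamplesPerPixel == 3")
    if spp == 3 and attrs.get("PlanarConfiguration") not in (0, 1):
        findings.append("PlanarConfiguration must be 0 or 1 for colour images")
    try:
        need = expected_pixel_bytes(attrs.get("Rows"), attrs.get("Columns"), spp,
                                    attrs.get("BitsAllocated"), attrs.get("NumberOfFrames", 1))
    except ValueError as exc:
        findings.append(str(exc))
        return findings
    if pixel_data_len != need:
        findings.append(f"Pixel Data is {pixel_data_len} bytes, header implies {need}")
    return findings


# Constructed sample: 4x4 YBR_FULL image, 8 bits per sample, three separate planes.
SAMPLE = {"Rows": 4, "Columns": 4, "SamplesPerPixel": 3, "BitsAllocated": 8,
          "PhotometricInterpretation": "YBR_FULL", "PlanarConfiguration": 1}

if __name__ == "__main__":
    print(check_image(SAMPLE, 48))  # all three planes present
    print(check_image(SAMPLE, 32))  # one plane short: reject before decoding
```

A check like this is a pre-ingestion filter only; upgrading to 3.6.5-1+deb11u5 remains the remedy the advisory gives.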
