Stack-based buffer overflow in the parsePresentationContext function in storescp in DICOM dcmtk-3.6.0 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a long string sent to TCP port 4242.
{ "binaries": [ { "binary_name": "dcmtk", "binary_version": "3.6.0-15+deb8u1build0.14.04.1" }, { "binary_name": "dcmtk-dbgsym", "binary_version": "3.6.0-15+deb8u1build0.14.04.1" }, { "binary_name": "dcmtk-doc", "binary_version": "3.6.0-15+deb8u1build0.14.04.1" }, { "binary_name": "dcmtk-www", "binary_version": "3.6.0-15+deb8u1build0.14.04.1" }, { "binary_name": "dcmtk-www-dbgsym", "binary_version": "3.6.0-15+deb8u1build0.14.04.1" }, { "binary_name": "libdcmtk2", "binary_version": "3.6.0-15+deb8u1build0.14.04.1" }, { "binary_name": "libdcmtk2-dbg", "binary_version": "3.6.0-15+deb8u1build0.14.04.1" }, { "binary_name": "libdcmtk2-dbgsym", "binary_version": "3.6.0-15+deb8u1build0.14.04.1" }, { "binary_name": "libdcmtk2-dev", "binary_version": "3.6.0-15+deb8u1build0.14.04.1" }, { "binary_name": "libdcmtk2-dev-dbgsym", "binary_version": "3.6.0-15+deb8u1build0.14.04.1" } ], "availability": "No subscription required", "ubuntu_priority": "medium" }
{ "binaries": [ { "binary_name": "dcmtk", "binary_version": "3.6.1~20150924-5ubuntu0.1~esm1" }, { "binary_name": "dcmtk-dbgsym", "binary_version": "3.6.1~20150924-5ubuntu0.1~esm1" }, { "binary_name": "dcmtk-doc", "binary_version": "3.6.1~20150924-5ubuntu0.1~esm1" }, { "binary_name": "libdcmtk-dev", "binary_version": "3.6.1~20150924-5ubuntu0.1~esm1" }, { "binary_name": "libdcmtk-dev-dbgsym", "binary_version": "3.6.1~20150924-5ubuntu0.1~esm1" }, { "binary_name": "libdcmtk5", "binary_version": "3.6.1~20150924-5ubuntu0.1~esm1" }, { "binary_name": "libdcmtk5-dbg", "binary_version": "3.6.1~20150924-5ubuntu0.1~esm1" }, { "binary_name": "libdcmtk5-dbgsym", "binary_version": "3.6.1~20150924-5ubuntu0.1~esm1" } ], "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "ubuntu_priority": "medium" }