OFFIS.de DCMTK 3.6.3 and below is affected by: Buffer Overflow. The impact is: Possible code execution and confirmed Denial of Service. The component is: DcmRLEDecoder::decompress() (file dcrledec.h, line 122). The attack vector is: Many scenarios of DICOM file processing (e.g. DICOM to image conversion). The fixed version is: 3.6.4, after commit 40917614e.
{ "binaries": [ { "binary_name": "dcmtk", "binary_version": "3.6.1~20150924-5ubuntu0.1~esm1" }, { "binary_name": "dcmtk-dbgsym", "binary_version": "3.6.1~20150924-5ubuntu0.1~esm1" }, { "binary_name": "dcmtk-doc", "binary_version": "3.6.1~20150924-5ubuntu0.1~esm1" }, { "binary_name": "libdcmtk-dev", "binary_version": "3.6.1~20150924-5ubuntu0.1~esm1" }, { "binary_name": "libdcmtk-dev-dbgsym", "binary_version": "3.6.1~20150924-5ubuntu0.1~esm1" }, { "binary_name": "libdcmtk5", "binary_version": "3.6.1~20150924-5ubuntu0.1~esm1" }, { "binary_name": "libdcmtk5-dbg", "binary_version": "3.6.1~20150924-5ubuntu0.1~esm1" }, { "binary_name": "libdcmtk5-dbgsym", "binary_version": "3.6.1~20150924-5ubuntu0.1~esm1" } ], "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "ubuntu_priority": "medium" }
{ "binaries": [ { "binary_name": "dcmtk", "binary_version": "3.6.2-3ubuntu0.1~esm1" }, { "binary_name": "dcmtk-dbgsym", "binary_version": "3.6.2-3ubuntu0.1~esm1" }, { "binary_name": "dcmtk-doc", "binary_version": "3.6.2-3ubuntu0.1~esm1" }, { "binary_name": "libdcmtk-dev", "binary_version": "3.6.2-3ubuntu0.1~esm1" }, { "binary_name": "libdcmtk12", "binary_version": "3.6.2-3ubuntu0.1~esm1" }, { "binary_name": "libdcmtk12-dbgsym", "binary_version": "3.6.2-3ubuntu0.1~esm1" } ], "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "ubuntu_priority": "medium" }