An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
{ "binaries": [ { "binary_name": "dcmtk", "binary_version": "3.6.4-2.1ubuntu0.1" }, { "binary_name": "dcmtk-dbgsym", "binary_version": "3.6.4-2.1ubuntu0.1" }, { "binary_name": "dcmtk-doc", "binary_version": "3.6.4-2.1ubuntu0.1" }, { "binary_name": "libdcmtk-dev", "binary_version": "3.6.4-2.1ubuntu0.1" }, { "binary_name": "libdcmtk14", "binary_version": "3.6.4-2.1ubuntu0.1" }, { "binary_name": "libdcmtk14-dbgsym", "binary_version": "3.6.4-2.1ubuntu0.1" } ], "availability": "No subscription required", "ubuntu_priority": "medium" }
{ "binaries": [ { "binary_name": "dcmtk", "binary_version": "3.6.6-5ubuntu0.1~esm2" }, { "binary_name": "dcmtk-dbgsym", "binary_version": "3.6.6-5ubuntu0.1~esm2" }, { "binary_name": "dcmtk-doc", "binary_version": "3.6.6-5ubuntu0.1~esm2" }, { "binary_name": "libdcmtk-dev", "binary_version": "3.6.6-5ubuntu0.1~esm2" }, { "binary_name": "libdcmtk16", "binary_version": "3.6.6-5ubuntu0.1~esm2" }, { "binary_name": "libdcmtk16-dbgsym", "binary_version": "3.6.6-5ubuntu0.1~esm2" } ], "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "ubuntu_priority": "medium" }