Emmanuel Arias pushed to branch master at Debian Med / gdcm
Commits: c48aae4f by Emmanuel Arias at 2025-12-20T14:57:07-03:00 Fix CVE-2025-11266: Avoid out-of-bounds vulnerability CVE-2025-11266.patch: Avoid out-of-bounds vulnerability. The issue was triggered during parsing of a malformed DICOM file containing encapsulated PixelData fragments. This vulnerability leads to a segmentation fault caused by an out-of-bounds memory access due to unsigned integer underflow in buffer indexing (Closes: #1122862). - - - - - 6eb2d6ee by Emmanuel Arias at 2025-12-21T09:38:56-03:00 prepare for release - - - - - 3 changed files: - debian/changelog - + debian/patches/CVE-2025-11266.patch - debian/patches/series Changes: ===================================== debian/changelog ===================================== @@ -1,3 +1,14 @@ +gdcm (3.0.24-8) unstable; urgency=medium + + * Team upload. + * CVE-2025-11266.patch: Avoid out-of-bounds vulnerability. The issue + was triggered during parsing of a malformed DICOM file containing + encapsulated PixelData fragments. This vulnerability leads to a + segmentation fault caused by an out-of-bounds memory access due to + unsigned integer underflow in buffer indexing (Closes: #1122862). + + -- Emmanuel Arias <[email protected]> Sat, 20 Dec 2025 14:51:00 -0300 + gdcm (3.0.24-7) unstable; urgency=medium * Team upload. ===================================== debian/patches/CVE-2025-11266.patch ===================================== @@ -0,0 +1,29 @@ +From 5829c95c8ac3afa9a3a3413675e948959c28a789 Mon Sep 17 00:00:00 2001 +From: Mathieu Malaterre <[email protected]> +Date: Fri, 26 Sep 2025 10:04:53 +0200 +Subject: [PATCH] Fix VU#591834.1 + +Original report is: + +Vulnerability VU#591834.1 (VU#591834) +Date Added: 2025-08-21 +Description: An out-of-bounds read vulnerability exists in the Grassroots DICOM library (GDCM), specifically within the SequenceOfFragments::ReadValue method. The issue is triggered during parsing of a malformed DICOM file containing encapsulated PixelData fragments (compressed image data stored as multiple fragments). + +Origin: https://github.com/malaterre/GDCM/commit/5829c95c8ac3afa9a3a3413675e948959c28a789 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2025-11266 +Bug-Debian: htts://bugs.debian.org/1122862 +--- + .../gdcmSequenceOfFragments.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/Source/DataStructureAndEncodingDefinition/gdcmSequenceOfFragments.h ++++ b/Source/DataStructureAndEncodingDefinition/gdcmSequenceOfFragments.h +@@ -237,7 +237,7 @@ + const size_t lastf = Fragments.size() - 1; + const ByteValue *bv = Fragments[ lastf ].GetByteValue(); + const char *a = bv->GetPointer(); +- gdcmAssertAlwaysMacro( (unsigned char)a[ bv->GetLength() - 3 ] == 0xfe ); ++ gdcmAssertAlwaysMacro( bv->GetLength() >= 3 && (unsigned char)a[ bv->GetLength() - 3 ] == 0xfe ); + Fragments[ lastf ].SetByteValue( bv->GetPointer(), bv->GetLength() - 3 ); + is.seekg( -11, std::ios::cur ); + assert( is.good() ); ===================================== debian/patches/series ===================================== @@ -8,3 +8,4 @@ de650849a1f294dda8401e2925c40daec51d0d3b.patch cxx-standard-20.patch 05_vtk95.patch 06_doxygen.patch +CVE-2025-11266.patch View it on GitLab: https://salsa.debian.org/med-team/gdcm/-/compare/f99dbde11f2a09cd940ad6eb0599c91dd7e186db...6eb2d6ee8220e3d52f5021d6b740d8d1d6c13381 -- View it on GitLab: https://salsa.debian.org/med-team/gdcm/-/compare/f99dbde11f2a09cd940ad6eb0599c91dd7e186db...6eb2d6ee8220e3d52f5021d6b740d8d1d6c13381 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-med-commit mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-med-commit
