CVE-2015-8396

Priority
Description
Integer overflow in the ImageRegionReader::ReadIntoBuffer function in
MediaStorageAndFileFormat/gdcmImageRegionReader.cxx in Grassroots DICOM
(aka GDCM) before 2.6.2 allows attackers to execute arbitrary code via
crafted header dimensions in a DICOM image file, which triggers a buffer
overflow.
Ubuntu-Description
It was discovered that GDCM incorrectly handled certain DICOM image files. An
attacker could possibly use this issue to cause a denial of service.
Notes
Package
Source: gdcm (LP Ubuntu Debian)
Upstream: released (2.6.2-1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr): needed
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (2.6.2-2)
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (2.6.2-2)
Ubuntu 19.04 (Disco Dingo): not-affected (2.6.2-2)
Ubuntu 19.10 (Eoan Ermine): not-affected (2.6.2-2)
Ubuntu 20.04 (Focal Fossa): not-affected (2.6.2-2)
Patches:
Upstream: https://sourceforge.net/p/gdcm/gdcm/ci/0f6f82052484774d072784f32105cecc79c45c19/
Upstream: http://sourceforge.net/p/gdcm/gdcm/ci/92cd6d7fe0d01c61cf68ac4ef65ef388ee252415/
Upstream: http://sourceforge.net/p/gdcm/gdcm/ci/9cbca25ff7f20c432b61eb9f4cae43a946502b66/
Upstream: http://sourceforge.net/p/gdcm/gdcm/ci/e0dd1114c82d372dd905c029ddbee4e81ed01a89/

Updated: 2019-12-05 19:26:15 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)