CVE-2015-8397

Priority
Description
The JPEGLSCodec::DecodeExtent function in
MediaStorageAndFileFormat/gdcmJPEGLSCodec.cxx in Grassroots DICOM (aka
GDCM) before 2.6.2 allows remote attackers to obtain sensitive information
from process memory or cause a denial of service (application crash) via an
embedded JPEG-LS image with dimensions larger than the selected region in a
(1) two-dimensional or (2) three-dimensional DICOM image file, which
triggers an out-of-bounds read.
Ubuntu-Description
It was discovered that GDCM incorrectly handled certain DICOM image files. An
attacker could possibly use this issue to cause a denial of service or obtain
sensitive information from process memory.
Notes
Package
Source: gdcm (LP Ubuntu Debian)
Upstream: released (2.6.2-1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr): needed
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (2.6.2-2)
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (2.6.2-2)
Ubuntu 19.04 (Disco Dingo): not-affected (2.6.2-2)
Ubuntu 19.10 (Eoan Ermine): not-affected (2.6.2-2)
Ubuntu 20.04 (Focal Fossa): not-affected (2.6.2-2)
Patches:
Upstream: http://sourceforge.net/p/gdcm/gdcm/ci/e547b1ded3fd21e0b0ad149f13045aa12d4b9b7c/
More Information

Updated: 2019-12-05 19:26:15 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)