An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. https://support.dcmtk.org/redmine/issues/1120
Created dcmtk tracking bugs for this issue: Affects: epel-8 [bug 2293954] Affects: fedora-39 [bug 2293955] Affects: fedora-40 [bug 2293953]