Bug 2277284 (CVE-2024-22391) - CVE-2024-22391 gdcm: crafted malformed file can lead to memory corruption due to heap overflow
Summary: CVE-2024-22391 gdcm: crafted malformed file can lead to memory corruption due...
Keywords:
Status: NEW
Alias: CVE-2024-22391
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2277286 2277287 2277288
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-04-26 05:35 UTC by Rohit Keshri
Modified: 2024-04-26 05:36 UTC (History)
0 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description Rohit Keshri 2024-04-26 05:35:24 UTC
A heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1924

Comment 1 Rohit Keshri 2024-04-26 05:36:03 UTC
Created gdcm tracking bugs for this issue:

Affects: fedora-38 [bug 2277286]
Affects: fedora-39 [bug 2277287]
Affects: fedora-40 [bug 2277288]


Note You need to log in before you can comment on or make changes to this bug.