Stefan Cornelius of Secunia Research found insufficient input sanitization in the way the DevIL image library processed Digital Imaging and Communications in Medicine (DICOM) images. If a remote attacker could trick a local user into processing a specially-crafted DICOM image in an application using the DevIL image processing library, it could lead to a stack-based buffer overflow and denial of service (application crash).
Issue now public via: http://sourceforge.net/tracker/?func=detail&aid=2908728&group_id=4470&atid=304470
Secunia advisories: http://secunia.com/advisories/37507/ http://secunia.com/secunia_research/2009-51/
DevIL-1.7.8-4.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/DevIL-1.7.8-4.fc11
DevIL-1.7.8-4.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/DevIL-1.7.8-4.fc12
DevIL-1.7.8-4.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
DevIL-1.7.8-4.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.