{"id":"MGASA-2023-0083","summary":"Updated dcmtk packages fix security vulnerability","details":"Jinsheng Ba discovered that DCMTK incorrectly handled certain requests. If\na user or an automated system were tricked into opening a certain\nspecially crafted input file, a remote attacker could possibly use this\nissue to cause a denial of service. (CVE-2021-41687, CVE-2021-41688,\nCVE-2021-41689, and CVE-2021-41690)\n\nSharon Brizinov and Noam Moshe discovered that DCMTK incorrectly handled\ncertain inputs. If a user or an automated system were tricked into opening\na certain specially crafted input file, a remote attacker could possibly\nuse this issue to execute arbitrary code. (CVE-2022-2119 and\nCVE-2022-2120)\n\nSharon Brizinov and Noam Moshe discovered that DCMTK incorrectly handled\npointers. If a user or an automated system were tricked into opening a\ncertain specially crafted input file, a remote attacker could possibly use\nthis issue to cause a denial of service. (CVE-2022-2121)\n\nIt was discovered that DCMTK incorrectly handled certain inputs. If a\nuser or an automated system were tricked into opening a certain specially\ncrafted input file, a remote attacker could possibly use this issue to\ncause a denial of service. (CVE-2022-43272)\n","modified":"2026-03-25T17:45:17.488460Z","published":"2023-03-11T19:00:39Z","related":["CVE-2021-41687","CVE-2021-41688","CVE-2021-41689","CVE-2021-41690","CVE-2022-2119","CVE-2022-2120","CVE-2022-2121","CVE-2022-43272"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2023-0083.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=30790"},{"type":"REPORT","url":"https://dicom.offis.de/download/dcmtk/dcmtk367/ANNOUNCE"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2Z7WVDK43MKWOS23BIN4VCQRQRXHGSDB/"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WF2FCZOYXVZ4ETCHO62JWUP4D55UWJCV/"},{"type":"REPORT","url":"https://ubuntu.com/security/notices/USN-5882-1"}],"affected":[{"package":{"name":"dcmtk","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/dcmtk?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.6.5-3.1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0083.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}