{"id":"MGASA-2025-0076","summary":"Updated dcmtk packages fix security vulnerabilities","details":"A buffer overflow in DCMTK allows attackers to cause a Denial of Service\n(DoS) via a crafted DCM file (CVE-2025-25472).\nDCMTK was discovered to contain a buffer overflow via the component\n/dcmimgle/diinpxt.h (CVE-2025-25474).\nA NULL pointer dereference in the component /libsrc/dcrleccd.cc of DCMTK\nallows attackers to cause a Denial of Service (DoS) via a crafted DICOM\nfile (CVE-2025-25475).\n","modified":"2026-02-04T03:32:19.968114Z","published":"2025-02-25T21:40:52Z","related":["CVE-2025-25472","CVE-2025-25474","CVE-2025-25475"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2025-0076.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=34043"},{"type":"REPORT","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/VEIE5K5WMSCBUU2JDXY5E576NA36I3NC/"}],"affected":[{"package":{"name":"dcmtk","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/dcmtk?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.6.7-4.4.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0076.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}