{"id":"USN-7010-1","summary":"dcmtk vulnerabilities","details":"Jinsheng Ba discovered that DCMTK incorrectly handled certain requests. If\na user or an automated system were tricked into opening a certain specially\ncrafted input file, a remote attacker could possibly use this issue to\ncause a denial of service. This issue only affected Ubuntu 20.04 LTS.\n(CVE-2021-41687, CVE-2021-41688, CVE-2021-41689, CVE-2021-41690)\n\nSharon Brizinov and Noam Moshe discovered that DCMTK incorrectly handled\npointers. If a user or an automated system were tricked into opening a\ncertain specially crafted input file, a remote attacker could possibly use\nthis issue to cause a denial of service. This issue only affected\nUbuntu 20.04 LTS. (CVE-2022-2121)\n\nIt was discovered that DCMTK incorrectly handled certain inputs. If a\nuser or an automated system were tricked into opening a certain specially\ncrafted input file, a remote attacker could possibly use this issue to\ncause a denial of service. This issue only affected Ubuntu 20.04 LTS.\n(CVE-2022-43272)\n\nIt was discovered that DCMTK incorrectly handled certain inputs. If a\nuser or an automated system were tricked into opening a certain specially\ncrafted input file, a remote attacker could possibly use this issue to\nexecute arbitrary code. This issue was only addressed in Ubuntu 20.04 LTS\nand Ubuntu 22.04 LTS. (CVE-2024-28130)\n\nIt was discovered that DCMTK incorrectly handled memory when processing an\ninvalid incoming DIMSE message. An attacker could possibly use this issue\nto cause a denial of service. (CVE-2024-34508, CVE-2024-34509)\n","modified":"2026-02-10T04:45:26Z","published":"2024-09-17T05:18:27Z","related":["UBUNTU-CVE-2021-41687","UBUNTU-CVE-2021-41688","UBUNTU-CVE-2021-41689","UBUNTU-CVE-2021-41690","UBUNTU-CVE-2022-2121","UBUNTU-CVE-2022-43272","UBUNTU-CVE-2024-28130","UBUNTU-CVE-2024-34508","UBUNTU-CVE-2024-34509"],"upstream":["CVE-2021-41687","CVE-2021-41688","CVE-2021-41689","CVE-2021-41690","CVE-2022-2121","CVE-2022-43272","CVE-2024-28130","CVE-2024-34508","CVE-2024-34509","UBUNTU-CVE-2021-41687","UBUNTU-CVE-2021-41688","UBUNTU-CVE-2021-41689","UBUNTU-CVE-2021-41690","UBUNTU-CVE-2022-2121","UBUNTU-CVE-2022-43272","UBUNTU-CVE-2024-28130","UBUNTU-CVE-2024-34508","UBUNTU-CVE-2024-34509"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7010-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-41687"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-41688"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-41689"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-41690"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-2121"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-43272"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-28130"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-34508"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-34509"}],"affected":[{"package":{"name":"dcmtk","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/dcmtk@3.6.1~20150924-5ubuntu0.1~esm2?arch=source&distro=esm-apps/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.6.1~20150924-5ubuntu0.1~esm2"}]}],"versions":["3.6.0-15.1","3.6.1~20150629-5","3.6.1~20150924-4","3.6.1~20150924-5","3.6.1~20150924-5ubuntu0.1~esm1"],"ecosystem_specific":{"binaries":[{"binary_name":"dcmtk","binary_version":"3.6.1~20150924-5ubuntu0.1~esm2"},{"binary_name":"libdcmtk-dev","binary_version":"3.6.1~20150924-5ubuntu0.1~esm2"},{"binary_name":"libdcmtk5","binary_version":"3.6.1~20150924-5ubuntu0.1~esm2"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7010-1.json","cves_map":{"cves":[{"id":"CVE-2024-34508","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-34509","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:Pro:16.04:LTS"}}},{"package":{"name":"dcmtk","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/dcmtk@3.6.2-3ubuntu0.1~esm2?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.6.2-3ubuntu0.1~esm2"}]}],"versions":["3.6.2-2","3.6.2-2build1","3.6.2-3","3.6.2-3build1","3.6.2-3build2","3.6.2-3build3","3.6.2-3ubuntu0.1~esm1"],"ecosystem_specific":{"binaries":[{"binary_name":"dcmtk","binary_version":"3.6.2-3ubuntu0.1~esm2"},{"binary_name":"libdcmtk-dev","binary_version":"3.6.2-3ubuntu0.1~esm2"},{"binary_name":"libdcmtk12","binary_version":"3.6.2-3ubuntu0.1~esm2"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7010-1.json","cves_map":{"cves":[{"id":"CVE-2024-34508","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-34509","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:Pro:18.04:LTS"}}},{"package":{"name":"dcmtk","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/dcmtk@3.6.4-2.1ubuntu0.1?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.6.4-2.1ubuntu0.1"}]}],"versions":["3.6.4-2.1","3.6.4-2.1build1","3.6.4-2.1build2"],"ecosystem_specific":{"binaries":[{"binary_name":"dcmtk","binary_version":"3.6.4-2.1ubuntu0.1"},{"binary_name":"libdcmtk-dev","binary_version":"3.6.4-2.1ubuntu0.1"},{"binary_name":"libdcmtk14","binary_version":"3.6.4-2.1ubuntu0.1"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7010-1.json","cves_map":{"cves":[{"id":"CVE-2021-41687","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2021-41688","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2021-41689","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-41690","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2022-2121","severity":[{"score":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2022-43272","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2024-28130","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-34508","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-34509","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:20.04:LTS"}}},{"package":{"name":"dcmtk","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/dcmtk@3.6.6-5ubuntu0.1~esm2?arch=source&distro=esm-apps/jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.6.6-5ubuntu0.1~esm2"}]}],"versions":["3.6.5-1","3.6.6-3ubuntu1","3.6.6-3ubuntu2","3.6.6-4","3.6.6-5","3.6.6-5ubuntu0.1~esm1"],"ecosystem_specific":{"binaries":[{"binary_name":"dcmtk","binary_version":"3.6.6-5ubuntu0.1~esm2"},{"binary_name":"libdcmtk-dev","binary_version":"3.6.6-5ubuntu0.1~esm2"},{"binary_name":"libdcmtk16","binary_version":"3.6.6-5ubuntu0.1~esm2"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7010-1.json","cves_map":{"cves":[{"id":"CVE-2024-28130","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-34508","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-34509","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:Pro:22.04:LTS"}}},{"package":{"name":"dcmtk","ecosystem":"Ubuntu:Pro:24.04:LTS","purl":"pkg:deb/ubuntu/dcmtk@3.6.7-9.1ubuntu0.1~esm1?arch=source&distro=esm-apps/noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.6.7-9.1ubuntu0.1~esm1"}]}],"versions":["3.6.7-9","3.6.7-9.1build2","3.6.7-9.1build3","3.6.7-9.1build4"],"ecosystem_specific":{"binaries":[{"binary_name":"dcmtk","binary_version":"3.6.7-9.1ubuntu0.1~esm1"},{"binary_name":"libdcmtk-dev","binary_version":"3.6.7-9.1ubuntu0.1~esm1"},{"binary_name":"libdcmtk17t64","binary_version":"3.6.7-9.1ubuntu0.1~esm1"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7010-1.json","cves_map":{"cves":[{"id":"CVE-2024-34508","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-34509","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:Pro:24.04:LTS"}}}],"schema_version":"1.7.3"}