Fixed issue rendering invalid monochrome image.
Forwarded: https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=
89a6e399f1e17d08a8bc8cdaa05b2ac9a50cd4f6
Bug-Debian: https://bugs.debian.org/
1093043
Reviewed-By: Étienne Mollier <emollier@debian.org>
Last-Update: 2025-01-18
Fixed issue when rendering an invalid monochrome DICOM image where the
number of pixels stored does not match the expected number of pixels.
If the stored number is less than the expected number, the rest of the
pixel matrix for the intermediate representation was always filled with
the value 0. Under certain, very rare conditions, this could result in
memory problems reported by an Address Sanitizer (ASAN). Now, the rest
of the matrix is filled with the smallest possible value for the image.
Thanks to Emmanuel Tacheau from the Cisco Talos team
<vulndiscovery@external.cisco.com> for the original report, the sample
file (PoC) and further details. See TALOS-2024-2122 and CVE-2024-47796.
Gbp-Pq: Name 0007-CVE-2024-47796.patch
projects / dcmtk.git / commit