Added check to make sure: HighBit < BitsAllocated.
author Joerg Riesmeier <dicom@jriesmeier.com>
Wed, 10 Dec 2025 21:34:17 +0000 (22:34 +0100)
committer Étienne Mollier <emollier@debian.org>
Wed, 10 Dec 2025 21:34:17 +0000 (22:34 +0100)
commit 4bfb4039a739679f85ecb3b8ccdf2f1a7bd44bcc
tree 9c3cad39924ec1a32846da57e07aebad23aeee95
parent 35f837202f7de3facdc1bd39d2ddd914f679dba5
Added check to make sure: HighBit < BitsAllocated.

Forwarded: https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=03e851b0586d05057c3268988e180ffb426b2e03
Bug-Debian: https://bugs.debian.org/1093047
Reviewed-By: Étienne Mollier <emollier@debian.org>
Last-Update: 2025-01-18

Added check to the image preprocessing to make sure that the value of
HighBit is always less than the value of BitsAllocated. Before, this
missing check could lead to memory corruption if an invalid combination
of values was retrieved from a malformed DICOM dataset.

Thanks to Emmanuel Tacheau from the Cisco Talos team
<vulndiscovery@external.cisco.com> for the report, sample file (PoC)
and detailed analysis. See TALOS-2024-2121 and CVE-2024-52333.

Gbp-Pq: Name 0008-CVE-2024-52333.patch
dcmimgle/libsrc/diimage.cc
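
The invariant named in the commit message, shown as an added example that is not DCMTK's code and does not reproduce the patch: a validator for pixel-cell attributes read from an untrusted dataset, applied before any shift or mask is derived from them. The struct, the function names, the 32-bit cell limit and the extra BitsStored checks are assumptions of this example.

```cpp
#include <cstdint>
#include <cstdio>

// Pixel-cell attributes as parsed from an untrusted DICOM dataset.
struct PixelLayout {
    uint16_t bitsAllocated; // Bits Allocated (0028,0100)
    uint16_t bitsStored;    // Bits Stored    (0028,0101)
    uint16_t highBit;       // High Bit       (0028,0102)
};

// True only if the stored value lies entirely inside the allocated cell.
bool layoutIsValid(const PixelLayout &p) {
    if (p.bitsAllocated == 0 || p.bitsAllocated > 32) return false; // example's cell limit (assumption)
    if (p.bitsStored == 0 || p.bitsStored > p.bitsAllocated) return false; // assumption of this example
    if (p.highBit >= p.bitsAllocated) return false; // the check named in the commit message
    if (p.highBit + 1 < p.bitsStored) return false; // stored bits would run below bit 0
    return true;
}

// Extracts the stored value from one cell; refuses to compute on an invalid layout.
// Without the validation, a HighBit such as 40 would give a shift count of 33 on a
// 32-bit value, which is undefined behaviour in C++.
bool extractStored(const PixelLayout &p, uint32_t cell, uint32_t &out) {
    if (!layoutIsValid(p)) return false;
    const unsigned shift = p.highBit + 1u - p.bitsStored;
    const uint32_t mask = (p.bitsStored == 32) ? 0xFFFFFFFFu
                                               : ((1u << p.bitsStored) - 1u);
    out = (cell >> shift) & mask;
    return true;
}

int main() {
    // Constructed sample layouts: two consistent, two with HighBit >= BitsAllocated.
    const PixelLayout samples[] = {{16, 12, 11}, {16, 12, 15}, {8, 8, 15}, {16, 12, 16}};
    for (const PixelLayout &p : samples) {
        uint32_t v = 0;
        const bool ok = extractStored(p, 0xABC0u, v);
        std::printf("alloc=%u stored=%u high=%u -> %s", (unsigned)p.bitsAllocated,
                    (unsigned)p.bitsStored, (unsigned)p.highBit, ok ? "ok" : "rejected");
        if (ok) std::printf(" value=0x%X", (unsigned)v);
        std::printf("\n");
    }
    return 0;
}
```
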