0008-CVE-2024-52333.patch: new.

This patch addresses CVE-2024-52333.

Closes: #1093047

diff --git a/debian/patches/0008-CVE-2024-52333.patch b/debian/patches/0008-CVE-2024-52333.patch
new file mode 100644 (file)
index 0000000..3f8a246
--- /dev/null
+++ b/debian/patches/0008-CVE-2024-52333.patch
@@ -0,0 +1,48 @@
+Author: Joerg Riesmeier <dicom@jriesmeier.com>
+Forwarded: https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=03e851b0586d05057c3268988e180ffb426b2e03
+Bug-Debian: https://bugs.debian.org/1093047
+Reviewed-By: Étienne Mollier <emollier@debian.org>
+Last-Update: 2025-01-18
+Description:  Added check to make sure: HighBit < BitsAllocated.
+ Added check to the image preprocessing to make sure that the value of
+ HighBit is always less than the value of BitsAllocated. Before, this
+ missing check could lead to memory corruption if an invalid combination
+ of values was retrieved from a malformed DICOM dataset.
+ .
+ Thanks to Emmanuel Tacheau from the Cisco Talos team
+ <vulndiscovery@external.cisco.com> for the report, sample file (PoC)
+ and detailed analysis. See TALOS-2024-2121 and CVE-2024-52333.
+
+--- dcmtk.orig/dcmimgle/libsrc/diimage.cc
++++ dcmtk/dcmimgle/libsrc/diimage.cc
+@@ -1,6 +1,6 @@
+ /*
+  *
+- *  Copyright (C) 1996-2021, OFFIS e.V.
++ *  Copyright (C) 1996-2025, OFFIS e.V.
+  *  All rights reserved.  See COPYRIGHT file for details.
+  *
+  *  This software and supporting documentation were developed by
+@@ -548,12 +548,18 @@
+     {
+         const unsigned long fsize = OFstatic_cast(unsigned long, Rows) * OFstatic_cast(unsigned long, Columns) *
+             OFstatic_cast(unsigned long, SamplesPerPixel);
+-        if ((BitsAllocated < 1) || (BitsStored < 1) || (BitsAllocated < BitsStored) ||
+-            (BitsStored > OFstatic_cast(Uint16, HighBit + 1)))
++        if ((BitsAllocated < 1) || (BitsStored < 1))
+         {
+             ImageStatus = EIS_InvalidValue;
+-            DCMIMGLE_ERROR("invalid values for 'BitsAllocated' (" << BitsAllocated << "), "
+-                << "'BitsStored' (" << BitsStored << ") and/or 'HighBit' (" << HighBit << ")");
++            DCMIMGLE_ERROR("invalid value(s) for 'BitsAllocated' (" << BitsAllocated << "), "
++                << "and/or 'BitsStored' (" << BitsStored << ")");
++            return;
++        }
++        else if ((BitsAllocated < BitsStored) || (BitsAllocated <= HighBit) || ((BitsStored - 1) > HighBit))
++        {
++            ImageStatus = EIS_InvalidValue;
++            DCMIMGLE_ERROR("invalid combination of values for 'BitsAllocated' (" << BitsAllocated << "), "
++                << "'BitsStored' (" << BitsStored << ") and 'HighBit' (" << HighBit << ")");
+             return;
+         }
+         else if ((evr == EVR_OB) && (BitsStored <= 8))

diff --git a/debian/patches/series b/debian/patches/series
index 5f44bf76c0c68a624f91617bf43aecc1c2785fad..5d6221f5d498072c0d92675f8d936f40941d03fa 100644 (file)
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -18,3 +18,4 @@ da5370947226783ce3548bf1e5b7112fac70de46.patch
 0005-Fixed-DcmDecimalString-unit-tests.patch
 0006-Fixed-possible-overflows-when-allocating-memory.patch
 0007-CVE-2024-47796.patch
+0008-CVE-2024-52333.patch