--- /dev/null
+Author: Joerg Riesmeier <dicom@jriesmeier.com>
+Forwarded: https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=89a6e399f1e17d08a8bc8cdaa05b2ac9a50cd4f6
+Bug-Debian: https://bugs.debian.org/1093043
+Reviewed-By: Étienne Mollier <emollier@debian.org>
+Last-Update: 2025-01-18
+Description: Fixed issue rendering invalid monochrome image.
+ Fixed issue when rendering an invalid monochrome DICOM image where the
+ number of pixels stored does not match the expected number of pixels.
+ If the stored number is less than the expected number, the rest of the
+ pixel matrix for the intermediate representation was always filled with
+ the value 0. Under certain, very rare conditions, this could result in
+ memory problems reported by an Address Sanitizer (ASAN). Now, the rest
+ of the matrix is filled with the smallest possible value for the image.
+ .
+ Thanks to Emmanuel Tacheau from the Cisco Talos team
+ <vulndiscovery@external.cisco.com> for the original report, the sample
+ file (PoC) and further details. See TALOS-2024-2122 and CVE-2024-47796.
+
+--- dcmtk.orig/dcmimgle/include/dcmtk/dcmimgle/dimoipxt.h
++++ dcmtk/dcmimgle/include/dcmtk/dcmimgle/dimoipxt.h
+@@ -72,9 +72,9 @@
+ rescale(pixel); // "copy" or reference pixel data
+ this->determineMinMax(OFstatic_cast(T3, this->Modality->getMinValue()), OFstatic_cast(T3, this->Modality->getMaxValue()));
+ }
+- /* erase empty part of the buffer (= blacken the background) */
++ /* erase empty part of the buffer (= fill the background with the smallest possible value) */
+ if ((this->Data != NULL) && (this->InputCount < this->Count))
+- OFBitmanipTemplate<T3>::zeroMem(this->Data + this->InputCount, this->Count - this->InputCount);
++ OFBitmanipTemplate<T3>::setMem(this->Data + this->InputCount, OFstatic_cast(T3, this->Modality->getAbsMinimum()), this->Count - this->InputCount);
+ }
+ }
+
projects / dcmtk.git / commitdiff