CVE-2015-8397
published 2016-01-12CVE-2015-8397: The JPEGLSCodec::DecodeExtent function in MediaStorageAndFileFormat/gdcmJPEGLSCodec.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows remote attackers to…
PriorityP337high8.2CVSS 3.1
AVNACLPRNUINSUCLINAH
EPSS
3.61%
88.0th percentile
The JPEGLSCodec::DecodeExtent function in MediaStorageAndFileFormat/gdcmJPEGLSCodec.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (application crash) via an embedded JPEG-LS image with dimensions larger than the selected region in a (1) two-dimensional or (2) three-dimensional DICOM image file, which triggers an out-of-bounds read.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gdcm | < gdcm 2.6.2-1 (bookworm) | gdcm 2.6.2-1 (bookworm) |
| malaterre | grassroots_dicom | < 2.6.2 | 2.6.2 |
CVSS provenance
nvdv3.18.2HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
nvdv2.06.4MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:P
osv8.2HIGH
vendor_debian8.2HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Debian
CVE-2015-8397: gdcm - The JPEGLSCodec::DecodeExtent function in MediaStorageAndFileFormat/gdcmJPEGLSCo...
vendor_debian·2015·CVSS 8.2
CVE-2015-8397 [HIGH] CVE-2015-8397: gdcm - The JPEGLSCodec::DecodeExtent function in MediaStorageAndFileFormat/gdcmJPEGLSCo...
The JPEGLSCodec::DecodeExtent function in MediaStorageAndFileFormat/gdcmJPEGLSCodec.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (application crash) via an embedded JPEG-LS image with dimensions larger than the selected region in a (1) two-dimensional or (2) three-dimensional DICOM image file, which triggers an out-of-bounds read.
Scope: local
bookworm: resolved (fixed in 2.6.2-1)
bullseye: resolved (fixed in 2.6.2-1)
forky: resolved (fixed in 2.6.2-1)
sid: resolved (fixed in 2.6.2-1)
trixie: resolved (fixed in 2.6.2-1)
GHSA
GHSA-25wj-x94f-xxw3: The JPEGLSCodec::DecodeExtent function in MediaStorageAndFileFormat/gdcmJPEGLSCodec
ghsa_unreviewed·2022-05-13
CVE-2015-8397 [HIGH] CWE-125 GHSA-25wj-x94f-xxw3: The JPEGLSCodec::DecodeExtent function in MediaStorageAndFileFormat/gdcmJPEGLSCodec
The JPEGLSCodec::DecodeExtent function in MediaStorageAndFileFormat/gdcmJPEGLSCodec.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (application crash) via an embedded JPEG-LS image with dimensions larger than the selected region in a (1) two-dimensional or (2) three-dimensional DICOM image file, which triggers an out-of-bounds read.
OSV
CVE-2015-8397: The JPEGLSCodec::DecodeExtent function in MediaStorageAndFileFormat/gdcmJPEGLSCodec
osv·2016-01-12·CVSS 8.2
CVE-2015-8397 [HIGH] CVE-2015-8397: The JPEGLSCodec::DecodeExtent function in MediaStorageAndFileFormat/gdcmJPEGLSCodec
The JPEGLSCodec::DecodeExtent function in MediaStorageAndFileFormat/gdcmJPEGLSCodec.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (application crash) via an embedded JPEG-LS image with dimensions larger than the selected region in a (1) two-dimensional or (2) three-dimensional DICOM image file, which triggers an out-of-bounds read.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2015-8397 gdcm: Out-of-bounds read in JPEGLSCodec::DecodeExtent [fedora-all]
bugzilla·2016-01-11·CVSS 8.2
CVE-2015-8397 [HIGH] CVE-2015-8397 gdcm: Out-of-bounds read in JPEGLSCodec::DecodeExtent [fedora-all]
CVE-2015-8397 gdcm: Out-of-bounds read in JPEGLSCodec::DecodeExtent [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions
Bugzilla
CVE-2015-8397 gdcm: Out-of-bounds read in JPEGLSCodec::DecodeExtent
bugzilla·2016-01-11·CVSS 8.2
CVE-2015-8397 [HIGH] CVE-2015-8397 gdcm: Out-of-bounds read in JPEGLSCodec::DecodeExtent
CVE-2015-8397 gdcm: Out-of-bounds read in JPEGLSCodec::DecodeExtent
It was found that GDCM versions 2.6.0 and 2.6.1 (and possibly previous versions) are prone to an out-of-bounds read vulnerability due to missing checks. The vulnerability occurs during the decoding of JPEG-LS images when the dimensions of the embedded JPEG-LS image (as specified in the JPEG headers) are smaller than the ones of the selected region (set by gdcm::ImageRegionReader::SetRegion and usually based on DICOM header values).
Publiv via:
http://seclists.org/bugtraq/2016/Jan/32
External reference:
http://census-labs.com/news/2016/01/11/gdcm-out-bounds-read-jpeglscodec-decodeextent/
Discussion:
Created gdcm tracking bugs for this issue:
Affects: fedora-all [bug 1297433]
---
AFAICT, this affects the 2.6 series
http://census-labs.com/news/2016/01/11/gdcm-out-bounds-read-jpeglscodec-decodeextent/http://packetstormsecurity.com/files/135206/GDCM-2.6.0-2.6.1-Out-Of-Bounds-Read.htmlhttp://seclists.org/fulldisclosure/2016/Jan/33http://sourceforge.net/p/gdcm/gdcm/ci/e547b1ded3fd21e0b0ad149f13045aa12d4b9b7c/http://sourceforge.net/p/gdcm/mailman/message/34670701/http://sourceforge.net/p/gdcm/mailman/message/34687533/http://www.securityfocus.com/archive/1/537263/100/0/threadedhttp://census-labs.com/news/2016/01/11/gdcm-out-bounds-read-jpeglscodec-decodeextent/http://packetstormsecurity.com/files/135206/GDCM-2.6.0-2.6.1-Out-Of-Bounds-Read.htmlhttp://seclists.org/fulldisclosure/2016/Jan/33http://sourceforge.net/p/gdcm/gdcm/ci/e547b1ded3fd21e0b0ad149f13045aa12d4b9b7c/http://sourceforge.net/p/gdcm/mailman/message/34670701/http://sourceforge.net/p/gdcm/mailman/message/34687533/http://www.securityfocus.com/archive/1/537263/100/0/threaded
2016-01-12
Published