Debian Gdcm vulnerabilities
8 known vulnerabilities affecting debian/gdcm.
Total CVEs: 8
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 3, MEDIUM 2, LOW 2
Vulnerabilities
CVE-2015-8396 | P2 | CRITICAL | CVSS 10.0 | PoC | fixed in gdcm 2.6.2-1 (bookworm) | 2015
CVE-2015-8396 [CRITICAL] CVE-2015-8396: gdcm - Integer overflow in the ImageRegionReader::ReadIntoBuffer function in MediaStora...
Integer overflow in the ImageRegionReader::ReadIntoBuffer function in MediaStorageAndFileFormat/gdcmImageRegionReader.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows attackers to execute arbitrary code via crafted header dimensions in a DICOM image file, which triggers a buffer overflow.
Scope: local
bookworm: resolved (fixed in 2.6.2-1)
bullseye: resolved (fi
debian
CVE-2024-22391 | P3 | HIGH | CVSS 7.7 | fixed in gdcm 3.0.24-1 (forky) | 2024
CVE-2024-22391 [HIGH] CVE-2024-22391: gdcm - A heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT fun...
A heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 3.0.24-1)
sid: resolved (fix
debian
CVE-2024-22373 | P3 | HIGH | CVSS 8.1 | fixed in gdcm 3.0.24-1 (forky) | 2024
CVE-2024-22373 [HIGH] CVE-2024-22373: gdcm - An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStream...
An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 3.0.24-1)
sid: r
debian
CVE-2015-8397 | P3 | HIGH | CVSS 8.2 | fixed in gdcm 2.6.2-1 (bookworm) | 2015
CVE-2015-8397 [HIGH] CVE-2015-8397: gdcm - The JPEGLSCodec::DecodeExtent function in MediaStorageAndFileFormat/gdcmJPEGLSCo...
The JPEGLSCodec::DecodeExtent function in MediaStorageAndFileFormat/gdcmJPEGLSCodec.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (application crash) via an embedded JPEG-LS image with dimensions larger than the selected region in a (1) two-dimensional or (2) three-
debian
CVE-2009-3560 | P4 | LOW | CVSS 5.0 | fixed in audacity 1.3.2-1 (bookworm) | 2009
CVE-2009-3560 [MEDIUM] CVE-2009-3560: audacity - The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in ...
The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-20
debian
CVE-2009-3720 | P4 | LOW | CVSS 5.0 | fixed in audacity 1.3.2-1 (bookworm) | 2009
CVE-2009-3720 [MEDIUM] CVE-2009-3720: audacity - The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as ...
The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.
Scope: local
bookwor
debian
CVE-2024-25569 | P4 | MEDIUM | CVSS 6.5 | fixed in gdcm 3.0.24-1 (forky) | 2024
CVE-2024-25569 [MEDIUM] CVE-2024-25569: gdcm - An out-of-bounds read vulnerability exists in the RAWCodec::DecodeBytes function...
An out-of-bounds read vulnerability exists in the RAWCodec::DecodeBytes functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to an out-of-bounds read. An attacker can provide a malicious file to trigger this vulnerability.
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 3.0.24-1)
sid: resolved (fixed
debian
CVE-2025-11266 | P4 | MEDIUM | CVSS 6.8 | fixed in gdcm 3.0.24-8 (forky) | 2025
CVE-2025-11266 [MEDIUM] CVE-2025-11266: gdcm - An out-of-bounds write vulnerability exists in the Grassroots DICOM library (GDC...
An out-of-bounds write vulnerability exists in the Grassroots DICOM library (GDCM). The issue is triggered during parsing of a malformed DICOM file containing encapsulated PixelData fragments (compressed image data stored as multiple fragments). This vulnerability leads to a segmentation fault caused by an out-of-bounds memory access due to unsigned integer underflow
debian