Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Patched dcmtk 3.6.6 20240418 #14

Open
wants to merge 2 commits into
base: patched-DCMTK-3.6.6_20210115
Choose a base branch
from
Open

Patched dcmtk 3.6.6 20240418 #14

wants to merge 2 commits into from

Conversation

malbi
Copy link

@malbi malbi commented Apr 19, 2024

Backport security fixes from the following post https://forum.dcmtk.org/viewtopic.php?t=5192 because of the folowing CVE: CVE-2022-2119 and CVE-2022-2120

Marco Eichelberg added 2 commits April 18, 2024 13:29
@malbi
[Backport] Fixed possible NULL pointer dereference.
661505c 
Fixed a possible NULL pointer dereference that could occur when reading an
invalid DICOM file from stdin. Loading a file from the file system
and receiving data over a network connection were not affected by this bug.

Thanks to Sharon Brizinov and Noam Moshe from Claroty Research for the
bug report and sample file.
@malbi
[Backport] Fixed path traversal vulnerability.
119e1ae 
Thanks to Sharon Brizinov >[email protected]> and Noam Moshe from
Claroty Research for the bug report and sample files.

This closes DCMTK issue #1021.
@malbi
Copy link
Author

malbi commented Apr 19, 2024

This pull request is meant to be integrated at least in CTK and 3DSlicer. I know that there is work in progress for upgrading DCMTK to the latest version in these projects (Slicer/Slicer#6709) but I would like to know if this can be a step in the mean time.

@malbi
Copy link
Author

malbi commented May 30, 2024

Hi, please let me know if this PR is relevant or if we need to close it.

@thewtex
Copy link

thewtex commented Jun 7, 2024

@jcfr push this branch into commontk?

@thewtex thewtex mentioned this pull request Jun 7, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@malbi @thewtex