[med-svn] [Git][med-team/gdcm][master] 2 commits: Fix CVE-2025-11266: Avoid out-of-bounds vulnerability

[Emmanuel Arias (@eamanu)]

Emmanuel Arias pushed to branch master at Debian Med / gdcm


Commits:
c48aae4f by Emmanuel Arias at 2025-12-20T14:57:07-03:00
Fix CVE-2025-11266: Avoid out-of-bounds vulnerability

CVE-2025-11266.patch: Avoid out-of-bounds vulnerability. The issue
  was triggered during parsing of a malformed DICOM file containing
  encapsulated PixelData fragments. This vulnerability leads to a
  segmentation fault caused by an out-of-bounds memory access due to
  unsigned integer underflow in buffer indexing (Closes: #1122862).

- - - - -
6eb2d6ee by Emmanuel Arias at 2025-12-21T09:38:56-03:00
prepare for release

- - - - -


3 changed files:

- debian/changelog
- + debian/patches/CVE-2025-11266.patch
- debian/patches/series


Changes:

=====================================
debian/changelog
=====================================
@@ -1,3 +1,14 @@
+gdcm (3.0.24-8) unstable; urgency=medium
+
+  * Team upload.
+  * CVE-2025-11266.patch: Avoid out-of-bounds vulnerability. The issue
+    was triggered during parsing of a malformed DICOM file containing
+    encapsulated PixelData fragments. This vulnerability leads to a
+    segmentation fault caused by an out-of-bounds memory access due to
+    unsigned integer underflow in buffer indexing (Closes: #1122862).
+
+ -- Emmanuel Arias <eamanu at debian.org>  Sat, 20 Dec 2025 14:51:00 -0300
+
 gdcm (3.0.24-7) unstable; urgency=medium
 
   * Team upload.


=====================================
debian/patches/CVE-2025-11266.patch
=====================================
@@ -0,0 +1,29 @@
+From 5829c95c8ac3afa9a3a3413675e948959c28a789 Mon Sep 17 00:00:00 2001
+From: Mathieu Malaterre <mathieu.malaterre at gmail.com>
+Date: Fri, 26 Sep 2025 10:04:53 +0200
+Subject: [PATCH] Fix VU#591834.1
+
+Original report is:
+
+Vulnerability VU#591834.1 (VU#591834)
+Date Added: 2025-08-21
+Description: An out-of-bounds read vulnerability exists in the Grassroots DICOM library (GDCM), specifically within the SequenceOfFragments::ReadValue method. The issue is triggered during parsing of a malformed DICOM file containing encapsulated PixelData fragments (compressed image data stored as multiple fragments).
+
+Origin: https://github.com/malaterre/GDCM/commit/5829c95c8ac3afa9a3a3413675e948959c28a789
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2025-11266
+Bug-Debian: htts://bugs.debian.org/1122862
+---
+ .../gdcmSequenceOfFragments.h                                   | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/Source/DataStructureAndEncodingDefinition/gdcmSequenceOfFragments.h
++++ b/Source/DataStructureAndEncodingDefinition/gdcmSequenceOfFragments.h
+@@ -237,7 +237,7 @@
+       const size_t lastf = Fragments.size() - 1;
+       const ByteValue *bv = Fragments[ lastf ].GetByteValue();
+       const char *a = bv->GetPointer();
+-      gdcmAssertAlwaysMacro( (unsigned char)a[ bv->GetLength() - 3 ] == 0xfe );
++      gdcmAssertAlwaysMacro( bv->GetLength() >= 3 && (unsigned char)a[ bv->GetLength() - 3 ] == 0xfe );
+       Fragments[ lastf ].SetByteValue( bv->GetPointer(), bv->GetLength() - 3 );
+       is.seekg( -11, std::ios::cur );
+       assert( is.good() );


=====================================
debian/patches/series
=====================================
@@ -8,3 +8,4 @@ de650849a1f294dda8401e2925c40daec51d0d3b.patch
 cxx-standard-20.patch
 05_vtk95.patch
 06_doxygen.patch
+CVE-2025-11266.patch



View it on GitLab: https://salsa.debian.org/med-team/gdcm/-/compare/f99dbde11f2a09cd940ad6eb0599c91dd7e186db...6eb2d6ee8220e3d52f5021d6b740d8d1d6c13381

-- 
View it on GitLab: https://salsa.debian.org/med-team/gdcm/-/compare/f99dbde11f2a09cd940ad6eb0599c91dd7e186db...6eb2d6ee8220e3d52f5021d6b740d8d1d6c13381
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-med-commit/attachments/20251221/6034befc/attachment-0001.htm>