[med-svn] [Git][med-team/gdcm][debian/bookworm] CVE-2025-11266.patch: Avoid out-of-bounds vulnerability. The issue was...

Emmanuel Arias (@eamanu) gitlab at salsa.debian.org
Tue Feb 17 19:17:49 GMT 2026



Emmanuel Arias pushed to branch debian/bookworm at Debian Med / gdcm


Commits:
4545800b by Emmanuel Arias at 2026-02-17T15:55:49-03:00
CVE-2025-11266.patch: Avoid out-of-bounds vulnerability. The issue was triggered during parsing of a malformed DICOM file containing encapsulated PixelData fragments. This vulnerability leads to a segmentation fault caused by an out-of-bounds memory access due to unsigned integer underflow in buffer indexing (Closes: #1122862).

- - - - -


3 changed files:

- debian/changelog
- + debian/patches/CVE-2025-11266.patch
- debian/patches/series


Changes:

=====================================
debian/changelog
=====================================
@@ -1,11 +1,19 @@
 gdcm (3.0.21-1+deb12u1) bookworm; urgency=medium
 
+  [ Étienne Mollier ]
   * Team upload.
   * CVE-2024-*.patch: new: fix multiple security issues.
     This patch set addresses CVE-2024-22373, CVE-2024-22391 and
     CVE-2024-25569. (Closes: #1070387)
 
- -- Étienne Mollier <emollier at debian.org>  Sun, 05 May 2024 23:21:39 +0200
+  [ Emmanuel Arias]
+  * CVE-2025-11266.patch: Avoid out-of-bounds vulnerability. The issue
+    was triggered during parsing of a malformed DICOM file containing
+    encapsulated PixelData fragments. This vulnerability leads to a
+    segmentation fault caused by an out-of-bounds memory access due to
+    unsigned integer underflow in buffer indexing (Closes: #1122862).
+
+ -- Emmanuel Arias <eamanu at debian.org>  Tue, 17 Feb 2026 15:18:56 -0300
 
 gdcm (3.0.21-1) unstable; urgency=medium
 
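Review bot: The new attribution header `+  [ Emmanuel Arias]` is missing the space before the closing bracket; write `[ Emmanuel Arias ]` so it matches the `[ Étienne Mollier ]` header introduced earlier in the same changelog entry.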


=====================================
debian/patches/CVE-2025-11266.patch
=====================================
@@ -0,0 +1,25 @@
+From 5829c95c8ac3afa9a3a3413675e948959c28a789 Mon Sep 17 00:00:00 2001
+From: Mathieu Malaterre <mathieu.malaterre at gmail.com>
+Date: Fri, 26 Sep 2025 10:04:53 +0200
+Subject: [PATCH] Fix VU#591834.1
+Original report is:
+Vulnerability VU#591834.1 (VU#591834)
+Date Added: 2025-08-21
+Description: An out-of-bounds read vulnerability exists in the Grassroots DICOM library (GDCM), specifically within the SequenceOfFragments::ReadValue method. The issue is triggered during parsing of a malformed DICOM file containing encapsulated PixelData fragments (compressed image data stored as multiple fragments).
+Origin: https://github.com/malaterre/GDCM/commit/5829c95c8ac3afa9a3a3413675e948959c28a789
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2025-11266
+Bug-Debian: htts://bugs.debian.org/1122862
+---
+ .../gdcmSequenceOfFragments.h                                   | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+--- a/Source/DataStructureAndEncodingDefinition/gdcmSequenceOfFragments.h
++++ b/Source/DataStructureAndEncodingDefinition/gdcmSequenceOfFragments.h
+@@ -237,7 +237,7 @@
+       const size_t lastf = Fragments.size() - 1;
+       const ByteValue *bv = Fragments[ lastf ].GetByteValue();
+       const char *a = bv->GetPointer();
+-      gdcmAssertAlwaysMacro( (unsigned char)a[ bv->GetLength() - 3 ] == 0xfe );
++      gdcmAssertAlwaysMacro( bv->GetLength() >= 3 && (unsigned char)a[ bv->GetLength() - 3 ] == 0xfe );
+       Fragments[ lastf ].SetByteValue( bv->GetPointer(), bv->GetLength() - 3 );
+       is.seekg( -11, std::ios::cur );
+       assert( is.good() );
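Review bot: The length guard added on the `+` line of gdcmSequenceOfFragments.h lives only inside gdcmAssertAlwaysMacro, so the fix holds only if that macro is fatal (throws or aborts) in every build configuration; if it ever compiles down to a log message or a no-op, the following statement `Fragments[ lastf ].SetByteValue( bv->GetPointer(), bv->GetLength() - 3 );` still underflows for a last fragment shorter than 3 bytes. Consider an explicit `if ( bv->GetLength() < 3 )` branch that rejects the malformed fragment (for example by throwing a parse exception) independently of the assertion machinery. Also, the DEP-3 header `Bug-Debian: htts://bugs.debian.org/1122862` has a typo in the URL scheme and should read `https://bugs.debian.org/1122862`.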


=====================================
debian/patches/series
=====================================
@@ -5,3 +5,4 @@ rename-pdf.patch
 CVE-2024-25569.patch
 CVE-2024-22391.patch
 CVE-2024-22373.patch
+CVE-2025-11266.patch



View it on GitLab: https://salsa.debian.org/med-team/gdcm/-/commit/4545800bcebb182034203a7f0045ef007bf9dc71




