[med-svn] [Git][med-team/dcmtk][debian/bookworm] 2 commits: 0020-CVE-2026-12805.patch: new: fix CVE-2026-12805.

Étienne Mollier (@emollier) gitlab at salsa.debian.org
Wed Jun 24 20:17:44 BST 2026



Étienne Mollier pushed to branch debian/bookworm at Debian Med / dcmtk


Commits:
9589b5f4 by Étienne Mollier at 2026-06-24T21:16:02+02:00
0020-CVE-2026-12805.patch: new: fix CVE-2026-12805.

This patch fixes a risk of buffer overflow by ensuring negative error
codes in XMLNode::parseFile are properly handled, as well as NULL
values.

Closes: #1140562

- - - - -
2e190d85 by Étienne Mollier at 2026-06-24T21:17:05+02:00
d/changelog: update to include 0020-CVE-2026-12805.patch.

- - - - -


3 changed files:

- debian/changelog
- + debian/patches/0020-CVE-2026-12805.patch
- debian/patches/series


Changes:

=====================================
debian/changelog
=====================================
@@ -11,8 +11,12 @@ dcmtk (3.6.7-9~deb12u4) bookworm; urgency=medium
     This patch required some rework from upstream due to little changes in
     the logic and the coding style. (Closes: #1133001)
   * 0019-CVE-2026-10194.patch: new: fix CVE-2026-10194. (Closes: #1139181)
+  * 0020-CVE-2026-12805.patch: new: fix CVE-2026-12805.
+    This patch fixes a risk of buffer overflow by ensuring negative error
+    codes in XMLNode::parseFile are properly handled, as well a NULL
+    values. (Closes: #1140562)
 
- -- Étienne Mollier <emollier at debian.org>  Fri, 12 Jun 2026 20:59:14 +0200
+ -- Étienne Mollier <emollier at debian.org>  Wed, 24 Jun 2026 21:16:40 +0200
 
 dcmtk (3.6.7-9~deb12u3) bookworm; urgency=medium
 
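Review bot: the third added changelog line reads "as well a NULL values"; suggest "as well as NULL values". Since the version in the hunk header stays 3.6.7-9~deb12u4 and only the trailer date moves, the entry is being extended in an unreleased upload, which is consistent with the series change.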


=====================================
debian/patches/0020-CVE-2026-12805.patch
=====================================
@@ -0,0 +1,34 @@
+commit 1d4b3815c0987840a983160bfc671fef63a3105b
+Author: Marco Eichelberg <eichelberg at offis.de>
+Date:   Sat May 23 17:07:58 2026 +0200
+
+    Fixed buffer overflow in XMLNode::parseFile().
+    
+    Fixed a heap buffer overflow that could occur in the XML parser
+    when reading from a named pipe.
+    
+    Thanks to Cristhian Daniel Rivas Zúñiga and Sebastian Andres Muñoz Morera
+    (Insituto Tecnológico de Costa Rica) for the bug report and fix.
+    
+    This closes DCMTK issue #1208.
+
+--- dcmtk.orig/ofstd/libsrc/ofxml.cc
++++ dcmtk/ofstd/libsrc/ofxml.cc
+@@ -1,6 +1,6 @@
+ /*
+  *
+- *  Copyright (C) 2011-2021, OFFIS e.V.
++ *  Copyright (C) 2011-2026, OFFIS e.V.
+  *  All rights reserved.  See COPYRIGHT file for details.
+  *
+  *  This software and supporting documentation were slightly modified by
+@@ -1962,7 +1962,8 @@
+     if (f==NULL) { if (pResults) pResults->error=eXMLErrorFileNotFound; return emptyXMLNode; }
+     fseek(f,0,SEEK_END);
+     int l=OFstatic_cast(int, ftell(f)),headerSz=0;
+-    if (!l) { if (pResults) pResults->error=eXMLErrorEmpty; fclose(f); return emptyXMLNode; }
++    // DCMTK: handle situation where ftell() returns -1
++    if (l <= 0) { if (pResults) pResults->error=eXMLErrorEmpty; fclose(f); return emptyXMLNode; }
+     fseek(f,0,SEEK_SET);
+     unsigned char *buf=OFreinterpret_cast(unsigned char*, malloc(l+4));
+     l=OFstatic_cast(int, fread(buf,1,l,f));
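Review bot: the only functional change in this hunk is widening `if (!l)` to `if (l <= 0)`, which covers a negative return from ftell(); nothing here handles NULL values, so the "as well as NULL values" wording in the commit message and changelog does not describe what the patch does. Two things visible in the surrounding context remain unchecked: `malloc(l+4)` is passed straight to fread() without testing `buf` for NULL, and `OFstatic_cast(int, ftell(f))` truncates a long to int, so a file larger than INT_MAX would wrap before the sign check. Suggest either adding a `buf == NULL` check after the malloc (or confirming upstream has one outside the hunk) and rewording the description to the ftell() sign check it actually implements.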


=====================================
debian/patches/series
=====================================
@@ -29,3 +29,4 @@ c34f4e46e672ad21accf04da0dc085e43be6f5e1.patch
 0017-CVE-2025-14841.patch
 0018-CVE-2026-5663.patch
 0019-CVE-2026-10194.patch
+0020-CVE-2026-12805.patch



View it on GitLab: https://salsa.debian.org/med-team/dcmtk/-/compare/b247b97c9820fb692e068653719750f5cdc46f35...2e190d854038a02c89cd978300f0c13ab0e73b4d




