[Debian-med-packaging] Bug#1074534: Bug#1074534: dcm2niix: CVE-2024-27629
Étienne Mollier
emollier at debian.org
Wed Aug 7 21:54:25 BST 2024
Control: found -1 1.0.20220720-1
Control: notfound -1 1.0.20201102-1
Control: tags -1 + bookworm
Greetings,
I tried to stress the CVE-2024-27629 affecting dcm2niix:
| An issue in dc2niix before v.1.0.20240202 allows a local attacker to
| execute arbitrary code via the generated file name is not properly
| escaped and injected into a system call when certain types of
| compression are used.
I think that I managed to trip the vulnerability on bookworm.
But it seems that on bullseye, the file name embedded in the
dicom file does not trip a shell command execution. Unless I
missed something, it seems that the problem did not exist at that
time.
I'm considering preparing a bookworm proposed update with the
patch for the next point release. I'm less sure about touching
bullseye for this one: the patch mangles file name upon
conversion, and there is no real benefit if the problem indeed
does not appear on that old operating system level.
Have a nice day, :)
--
.''`. Étienne Mollier <emollier at debian.org>
: :' : pgp: 8f91 b227 c7d6 f2b1 948c 8236 793c f67e 8f0d 11da
`. `' sent from /dev/pts/6, please excuse my verbosity
`- on air: Genesis - Domino (live)