[Debian-med-packaging] Bug#1074534: dcm2niix: CVE-2024-27629
Salvatore Bonaccorso
carnil at debian.org
Sun Jun 30 14:02:55 BST 2024
Source: dcm2niix
Version: 1.0.20220720-1
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/rordenlab/dcm2niix/pull/789
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
Hi,
The following vulnerability was published for dcm2niix.
CVE-2024-27629[0]:
| An issue in dc2niix before v.1.0.20240202 allows a local attacker to
| execute arbitrary code via the generated file name is not properly
| escaped and injected into a system call when certain types of
| compression are used.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-27629
https://www.cve.org/CVERecord?id=CVE-2024-27629
[1] https://github.com/rordenlab/dcm2niix/pull/789
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the Debian-med-packaging
mailing list