[Debian-med-packaging] Bug#1136204: invesalius: CVE-2024-44825
Salvatore Bonaccorso
carnil at debian.org
Sun May 10 19:09:57 BST 2026
Source: invesalius
Version: 3.1.99998-8
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
Hi,
The following vulnerability was published for invesalius.
CVE-2024-44825[0]:
| Directory Traversal vulnerability in Centro de Tecnologia da
| Informaco Renato Archer InVesalius3 v3.1.99995 allows attackers to
| write arbitrary files unto the system via a crafted .inv3 file.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-44825
https://www.cve.org/CVERecord?id=CVE-2024-44825
[1] https://github.com/invesalius/invesalius3/commit/8b966260b3d9510e3ddc473aac4cc6578bab3aab
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the Debian-med-packaging
mailing list