I've noticed that the latest version of DCMTK is linked against libpng-1.2.5 and openssl-0.9.7d. From their web sites it appears that these versions of the libraries have security issues, does this mean that DCMTK software that has not been updated will also be vulnerable?
The relevant security warnings are on these pages:
http://www.libpng.org/pub/png/libpng.html
http://www.openssl.org/
Serious security issues with DCMTK?
Moderator: Moderator Team
-
Jörg Riesmeier
- ICSMED DICOM Services
- Posts: 2217
- Joined: Fri, 2004-10-29, 21:38
- Location: Oldenburg, Germany
Re: Serious security issues with DCMTK?
Though I did not check the websites very intensively it seems to me that the PNG issue only applies to the import of malformed PNG images. Since DCMTK (as of version 3.5.3) does only export PNG files there should be no risk.marcus wrote:does this mean that DCMTK software that has not been updated will also be vulnerable?
With regard to OpenSSL it seems that mainly versions prior to 0.9.7d are affected by "severe" security issues (see http://www.openssl.org/news/secadv_20040317.txt ).
Of course, you always have the possibility to compile the DCMTK tools on your own. The binary packages are merely provided for the convenience of our users.
Jörg
Re: Serious security issues with DCMTK?
Thanks for the reassurance 
Marcus
Marcus
Who is online
Users browsing this forum: Google [Bot] and 1 guest