Advisory: Vulnerability in assoc negotiation (DCMTK 3.6.0)
Moderator: Moderator Team
-
- OFFIS DICOM Team
- Posts: 1446
- Joined: Tue, 2004-11-02, 17:22
- Location: Oldenburg, Germany
- Contact:
Advisory: Vulnerability in assoc negotiation (DCMTK 3.6.0)
This is an advisory to users of DCMTK 3.6.0 and earlier: A vulnerability has been discovered in the association negotiation code that can be abused to cause a buffer overflow. This may cause the application to crash or to possibly execute malicious code provided by the caller). The issue, which is located in dcmnet/libsrc/dulparse.cc, has been fixed by commit 1b6bb76 on Dec 14, 2015. User who want to fix this vulnerability while continuing to use DCMTK 3.6.0 are advised to back-port this commit to their DCMTK 3.6.0 source tree, which is straightforward.
Who is online
Users browsing this forum: Ahrefs [Bot], Google [Bot] and 1 guest