|
Message-ID: <5693649D.2050802@census-labs.com> Date: Mon, 11 Jan 2016 10:15:25 +0200 From: Stelios Tsampas <stelios@...sus-labs.com> To: oss-security@...ts.openwall.com Cc: fulldisclosure@...lists.org, bugtraq@...urityfocus.com Subject: CVE-2015-8396: GDCM buffer overflow in ImageRegionReader::ReadIntoBuffer Grassroots DICOM (GDCM) is a C++ library for processing DICOM medical images. It provides routines to view and manipulate a wide range of image formats and can be accessed through many popular programming languages like Python, C#, Java and PHP. GDCM versions 2.6.0 and 2.6.1 (and possibly previous versions) are prone to an integer overflow vulnerability which leads to a buffer overflow and potentially to remote code execution. The vulnerability is triggered by the exposed function gdcm::ImageRegionReader::ReadIntoBuffer, which copies DICOM image data to a buffer. ReadIntoBuffer checks whether the supplied buffer is large enough to hold the necessary data, however in this check it fails to detect the occurrence of an integer overflow, which leads to a buffer overflow later on in the code. The buffer overflow will occur regardless of the size of the buffer supplied to the ReadIntoBuffer call. More information about this vulnerability can be found at http://census-labs.com/news/2016/01/11/gdcm-buffer-overflow-imageregionreaderreadintobuffer/ The GDCM project has released version 2.6.2 that addresses this issue. It is advised to upgrade all GDCM installations to the latest stable release. Disclosure Timeline ------------------- CVE assignment: December 2nd, 2015 Vendor Contact: December 4th, 2015 Vendor Patch Release: December 23rd, 2015 Public Advisory: January 11th, 2016 Regards, Stelios Tsampas IT Security Researcher CENSUS S.A.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.