Dear all, Please note hat the following commit is also needed, as it fixes an issue with commit 7ad81d6:
https://github.com/DCMTK/dcmtk/commit/3de96da6cd66b1af7224561c568bc3de50cd1398 Regards, Jörg ------------------------------------------------------------- Subject: Bug#1113993: dcmtk: CVE-2025-9732 Date: Friday, September 5, 2025, 6:37:37 AM CEST From: Salvatore Bonaccorso <[email protected]> To: Debian Bug Tracking System <[email protected]> Source: dcmtk Version: 3.6.9-5 Severity: important Tags: security upstream X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]> Hi, The following vulnerability was published for dcmtk. CVE-2025-9732[0]: | A vulnerability was identified in DCMTK up to 3.6.9. This affects an | unknown function in the library | dcmimage/include/dcmtk/dcmimage/diybrpxt.h of the component dcm2img. | Such manipulation leads to memory corruption. Local access is | required to approach this attack. The name of the patch is | 7ad81d69b. It is best practice to apply a patch to resolve this | issue. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-9732 https://www.cve.org/CVERecord?id=CVE-2025-9732 [1] https://github.com/DCMTK/dcmtk/commit/7ad81d69b19714936e18ea5fc74edaeb9f021ce7 Please adjust the affected versions in the BTS as needed. Regards, Salvatore ------------------------------------------------------------- -- Dr. Joerg Riesmeier, Etzhorner Weg 19, 26125 Oldenburg, Germany E-Mail: [email protected], Homepage: www.jriesmeier.com
