Source: dcmtk Version: 3.6.9-5 Severity: important Tags: security upstream X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi, The following vulnerability was published for dcmtk. CVE-2025-9732[0]: | A vulnerability was identified in DCMTK up to 3.6.9. This affects an | unknown function in the library | dcmimage/include/dcmtk/dcmimage/diybrpxt.h of the component dcm2img. | Such manipulation leads to memory corruption. Local access is | required to approach this attack. The name of the patch is | 7ad81d69b. It is best practice to apply a patch to resolve this | issue. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-9732 https://www.cve.org/CVERecord?id=CVE-2025-9732 [1] https://github.com/DCMTK/dcmtk/commit/7ad81d69b19714936e18ea5fc74edaeb9f021ce7 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
