#44 PATCH: DevIL CVE-2009-3994 DICOM image processing flaw

closed-accepted
Matěj Týč
None
5
2014-07-16
2009-12-04
Hans de Goede
No

Stefan Cornelius of Secunia Research found insufficient
input sanitization in the way the DevIL image library used to process
Digital Imaging and Communications in Medicine (DICOM) images.
If a remote attacker could trick a local user into processing
a specially-crafted DICOM image in an application using
the DevIL image processing library, it could lead to
a stack-based buffer overflow and denial of service (application
crash).

The attached patch fixes this.

Regards,

Hans de Goede (Fedora DevIL package maintainer)

Discussion

  • Hans de Goede
    2009-12-04

    PATCH: DevIL CVE-2009-3994 DICOM image processing flaw

     
  • Matěj Týč
    2010-01-28

    • assigned_to: nobody --> bubla
    • status: open --> closed-accepted
     
  • Matěj Týč
    2010-01-28

    Thank you, the patch has been committed to the development branch.