Developer's Image Library / Patches / #44 PATCH: DevIL CVE-2009-3994 DICOM image processing flaw

#44 PATCH: DevIL CVE-2009-3994 DICOM image processing flaw

Status: closed-accepted

Owner: Matěj Týč

Labels: None

Priority: 5

Updated: 2014-07-16

Created: 2009-12-04

Creator: Hans de Goede

Private: No

Stefan Cornelius of Secunia Research found an insufficient
input sanitation in the way DevIL image library used to process
Digital Imaging and Communications in Medicine (DICOM) images.
If a remote attacker could trick a local user to process
a specially-crafted DICOM image in an application, using
the DevIL image processing library, it could lead to
stack-based buffer overflow and denial of service (application
crash).

The attached patch fixes this.

Regards,

Hans de Goede (Fedora DevIl package maintainer)

Discussion

Hans de Goede - 2009-12-04

PATCH: DevIL CVE-2009-3994 DICOM image processing flaw

DevIL-1.7.8-CVE-2009-3994.patch

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Matěj Týč - 2010-01-28

assigned_to: nobody --> bubla

status: open --> closed-accepted
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Matěj Týč - 2010-01-28

Thank you, the patch has been committed to the developement branch

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

PATCH: DevIL CVE-2009-3994 DICOM image processing flaw

A full featured cross-platform image library

Group

Searches

Help

#44 PATCH: DevIL CVE-2009-3994 DICOM image processing flaw

Discussion