DCMTK

=== Infinite Loop Evidence ===

Command: dcmdjpeg poc.dcm /dev/null

PoC size: 526 bytes

$ timeout 3 dcmdjpeg poc.dcm /dev/null

W: DcmItem: Dataset not in ascending tag order, at element (0028,0008)

<process hangs at 100% CPU -- killed by timeout>

Exit code: 124 (killed by timeout after 3 seconds)

The process enters an infinite loop in scanJpegDataForBitDepth()

at the TEM marker (0xFF01) handler. The 'case 0xe1' (TEM) breaks

without advancing the read offset, causing the same marker to be

re-read indefinitely at 100% CPU.

Affected code: dcmjpeg/libsrc/djcodecd.cc, scanJpegDataForBitDepth()

case 0xe1: // TEM marker

break; // <-- does NOT advance offset, infinite re-read

The PoC is a valid DICOM file with JPEG Baseline encapsulated

pixel data containing a TEM (0xFF01) marker. dcmdjpeg successfully

parses the DICOM headers and enters the JPEG segment parser, where

the infinite loop triggers.