Bug #1169

closed

Issue when processing an invalid DICOM image where the number of pixels stored does not match the expected number of pixels

Added by Marco Eichelberg 3 days ago.

Status: Closed
Priority: Normal
Category: -
Target version: -
Start date: 2025-11-06
% Done: 100%

Description

There is an issue when processing an invalid DICOM image where the number of pixels stored does not match the expected number of pixels (too few) and the combination of BitsAllocated and BitsStored is really unusual (e.g. 1 bit stored, but 52 bits allocated). In cases where the last pixel (e.g. a single bit) does not fit into the buffer of the input pixel data, a buffer overflow occurs on the heap.

Thanks to Ding zhengzheng for the report and the sample file (PoC).

Closed by commit #1d205bcd3.

This issue was registered as CVE-2025-25474 (https://www.cve.org/CVERecord?id=CVE-2025-25474).
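The class of check that guards against the condition described above, as an added example: it is not DCMTK code and not the change made in the referenced commit. The function names are hypothetical, and the layout (bit-packed cells, LSB-first bit order, stored bits at the bottom of each cell) is an assumption made for the illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>
#include <vector>

// Number of pixel cells of `bitsAllocated` bits that lie completely inside a
// buffer of `lenBytes` bytes (assumption: cells are bit-packed, no padding).
std::uint64_t completePixels(std::uint64_t lenBytes, unsigned bitsAllocated)
{
    if (bitsAllocated == 0) return 0;
    if (lenBytes > std::numeric_limits<std::uint64_t>::max() / 8) return 0; // len*8 would wrap
    return (lenBytes * 8) / bitsAllocated;
}

// True only if the header values are sane and all `expected` pixels fit.
// Dividing instead of computing expected * bitsAllocated avoids overflow.
bool pixelDataFits(std::uint64_t expected, unsigned bitsAllocated,
                   unsigned bitsStored, std::uint64_t lenBytes)
{
    if (bitsStored == 0 || bitsStored > bitsAllocated || bitsStored > 64) return false;
    return expected <= completePixels(lenBytes, bitsAllocated);
}

// Reads the low `bitsStored` bits of pixel `index`. Fails, leaving `out`
// untouched, when the pixel's cell is not fully inside `buf`, instead of
// reading past the end of the buffer.
bool readPixel(const std::vector<std::uint8_t>& buf, std::uint64_t index,
               unsigned bitsAllocated, unsigned bitsStored, std::uint64_t& out)
{
    if (index == std::numeric_limits<std::uint64_t>::max() ||
        !pixelDataFits(index + 1, bitsAllocated, bitsStored, buf.size()))
        return false;
    const std::uint64_t first = index * bitsAllocated; // < buf.size()*8, cannot wrap
    out = 0;
    for (unsigned k = 0; k < bitsStored; ++k) {
        const std::uint64_t p = first + k;
        out |= static_cast<std::uint64_t>((buf[p / 8] >> (p % 8)) & 1u) << k;
    }
    return true;
}

int main()
{
    // Constructed input: a 2x2 image with BitsAllocated=52, BitsStored=1
    // needs 26 bytes, but only 19 are present.
    std::vector<std::uint8_t> truncated(19, 0);
    std::uint64_t v = 0;
    std::printf("fits: %d, read last pixel: %d\n",
                pixelDataFits(4, 52, 1, truncated.size()), readPixel(truncated, 3, 52, 1, v));
}
```

The check is deliberately strict: a pixel whose allocated cell is only partly present is rejected even when its stored bits would still fall inside the buffer.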
