Bug #1175: Possible overflows and underflows in ACSE data structures - DCMTK - OFFIS DCMTK and DICOM Projects

Actions

Copy link

Bug #1175

closed

Possible overflows and underflows in ACSE data structures

Added by Marco Eichelberg 1 day ago.

Status:

Closed

Priority:

Normal

Assignee:

Michael Onken

Category:

Target version:

Start date:

2025-11-06

Due date:

% Done:

100%

Estimated time:

Module:

Operating System:

Compiler:

Description

At several places in the code a wrong length of ACSE data structures received over the network can cause overflows or underflows when processing those data structures. Related checks have been added at various places in order to prevent such (possible) attacks.

Thanks to Kevin Basista for the report.

Closed by commit #1b6bb7607.

This issue has been registered as CVE-2015-8979 (https://www.cve.org/CVERecord?id=CVE-2015-8979).

No data to display

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

DCMTK

Bug #1175

Possible overflows and underflows in ACSE data structures