Project

General

Profile

Bug #858

Buffer overflow in DcmRLEDecoder::decompress()

Added by Marco Eichelberg over 4 years ago. Updated almost 3 years ago.

Status:
Closed
Priority:
Normal
Category:
Library and Apps
Target version:
-
Start date:
2018-11-28
Due date:
% Done:

100%

Module:
dcmdata
Operating System:
Compiler:

Description

As a part of medical infrastructure security research, the DeteAct Team started to perform fuzzing of various open source medical data processing libraries.
During fuzzing of the dcm2pnm utility, a memory corruption (buffer overflow) bug was found, which occurs in DcmRLEDecoder::decompress() (file dcrledec.h, line 122). Attached are three sample files that trigger the (same) bug when processed with either dcm2pnm or dcmdrle.

Reported 2018-11-27 by Omar Ganiev <>, DeteAct Team, Open Medical Infrastructure Security Project.

dcm2pnm_case_1 (7.61 KB) Marco Eichelberg, 2018-11-28 10:16

dcm2pnm_case_2 (7.61 KB) Marco Eichelberg, 2018-11-28 10:16

dcm2pnm_case_3 (1.96 KB) Marco Eichelberg, 2018-11-28 10:16

History

#1 Updated by Marco Eichelberg over 4 years ago

#2 Updated by Marco Eichelberg over 4 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100
  • Assignee set to Marco Eichelberg

Closed by commit #40917614e.

#3 Updated by Michael Onken almost 3 years ago

  • Target version deleted (3.6.6)

Also available in: Atom PDF