Bug #858: Buffer overflow in DcmRLEDecoder::decompress() - DCMTK - OFFIS DCMTK and DICOM Projects

Actions

Copy link

Bug #858

closed

Buffer overflow in DcmRLEDecoder::decompress()

Added by Marco Eichelberg almost 7 years ago. Updated 10 months ago.

Status:

Closed

Priority:

Normal

Assignee:

Marco Eichelberg

Category:

Library and Apps

Target version:

Start date:

2018-11-28

Due date:

% Done:

100%

Estimated time:

Module:

dcmdata

Operating System:

Compiler:

Description

As a part of medical infrastructure security research, the DeteAct Team started to perform fuzzing of various open source medical data processing libraries.
During fuzzing of the dcm2pnm utility, a memory corruption (buffer overflow) bug was found, which occurs in DcmRLEDecoder::decompress() (file dcrledec.h, line 122). Attached are three sample files that trigger the (same) bug when processed with either dcm2pnm or dcmdrle.

Reported 2018-11-27 by Omar Ganiev <beched@deteact.com>, DeteAct Team, Open Medical Infrastructure Security Project.

Files

Download all files

dcm2pnm_case_1 (7.61 KB) dcm2pnm_case_1		Marco Eichelberg, 2018-11-28 10:16
dcm2pnm_case_2 (7.61 KB) dcm2pnm_case_2		Marco Eichelberg, 2018-11-28 10:16
dcm2pnm_case_3 (1.96 KB) dcm2pnm_case_3		Marco Eichelberg, 2018-11-28 10:16

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

DCMTK

Bug #858

Buffer overflow in DcmRLEDecoder::decompress()

Updated by Marco Eichelberg almost 7 years ago

Updated by Marco Eichelberg almost 7 years ago

Updated by Michael Onken over 5 years ago

Updated by Marco Eichelberg 11 months ago

Updated by Marco Eichelberg 10 months ago