Activity - DCMTK - OFFIS DCMTK and DICOM Projects

Activity

From 2026-05-22 to 2026-06-20

Today

11:59 Bug #1221 (Closed): Out-of-bounds read in bundled IJG JPEG Huffman decoder: Michael Onken
11:59 Bug #1222 (Closed): Out-of-bounds read in CharLS JPEG-LS EndScan(): Michael Onken
11:59 Bug #1223 (Closed): Out-of-bounds read in CharLS JPEG-LS QuantizeGratient(): Michael Onken

2026-06-11

07:40 Bug #1223: Out-of-bounds read in CharLS JPEG-LS QuantizeGratient(): Fixed with commit b6691c7a0fdfd261c20c2509c2ac16966bd37763 Michael Onken
07:40 Bug #1222: Out-of-bounds read in CharLS JPEG-LS EndScan(): Fixed with commit b818c19720bd3c5c273f7c0578fef3990333af22 Michael Onken
07:39 Bug #1221: Out-of-bounds read in bundled IJG JPEG Huffman decoder: Fixed with commit d6ae1bc8d5b9ae9c7300013c8c85cc2ea0fd8cf5. Michael Onken

2026-06-10

11:16 Bug #1223 (Closed): Out-of-bounds read in CharLS JPEG-LS QuantizeGratient(): DCMTK's bundled CharLS JPEG-LS library (dcmjpls/libcharls) performs an out-of-bounds heap read in its near-lossless d... Michael Onken
11:15 Bug #1222 (Closed): Out-of-bounds read in CharLS JPEG-LS EndScan(): DCMTK's bundled CharLS JPEG-LS library (dcmjpls/libcharls) performs an out-of-bounds heap read when finishing decode ... Michael Onken
11:13 Bug #1221 (Closed): Out-of-bounds read in bundled IJG JPEG Huffman decoder: DCMTK's bundled IJG JPEG library (dcmjpeg/libijg8, and the identical libijg12/libijg16 copies) contains a Huffman-tab... Michael Onken

2026-06-05

18:32 Bug #1205 (Closed): Building of a single shared library fails: Closed by commit #37bbe0f81. Marco Eichelberg
11:08 Feature #1220 (New): Use of DcmDate/Time/DateTime instead of OFDate/Time/DateTime: In various places in DCMTK the classes OFDate/Time/DateTime are used to retrieve the current data or time in DICOM fo... Marco Eichelberg

2026-05-31

11:28 Bug #1219 (Closed): Inconsistent handling of uncompressed icon images: Closed by commit #d526cbb08.
Marco Eichelberg
08:28 Bug #1219 (Closed): Inconsistent handling of uncompressed icon images: When loading a compressed DICOM image file that contains an Icon Image Sequence with uncompressed pixel data (which i... Marco Eichelberg

2026-05-29

18:06 Bug #1217 (Closed): AE_6/AE_3 error-return paths skip heap cleanup: Michael Onken
18:06 Bug #1217: AE_6/AE_3 error-return paths skip heap cleanup: A second leak was discovered during fixing the orginally reported one.
translatePresentationContextList() also now... Michael Onken
14:40 Bug #1218: wlmscpfs unchecked DcmElement* to DcmSequenceOfItems* cast: Bug reported by Abhinav Agarwal. Michael Onken
14:31 Bug #1218 (Closed): wlmscpfs unchecked DcmElement* to DcmSequenceOfItems* cast: Michael Onken
14:29 Bug #1218: wlmscpfs unchecked DcmElement* to DcmSequenceOfItems* cast: Fixed in commit f4e007468. Michael Onken
14:25 Bug #1216 (Closed): destroyUserInformationLists() leaks ExtNeg sub-items: Fixed with commit 23f181. Michael Onken

2026-05-27

09:34 Bug #1218 (Closed): wlmscpfs unchecked DcmElement* to DcmSequenceOfItems* cast: Root cause: wldsfs.cc has 3 functions with unchecked C-style casts of findAndGetElement() results to DcmSequenceOfIte... Michael Onken
09:33 Bug #1217 (Closed): AE_6/AE_3 error-return paths skip heap cleanup: Bug as reported by Abhinav Agarwal:
Root cause: AE_6_ExamineAssociateRequest (dulfsm.cc:1231): after parseAssociat... Michael Onken
09:32 Bug #1216 (Closed): destroyUserInformationLists() leaks ExtNeg sub-items: Bug as reported by Abhinav Agarwal:
Root cause: helpers.cc:67 does `delete userInfo->extNegList` which frees the O... Michael Onken

2026-05-26

09:38 Bug #1209 (Closed): Low severity short read in DcmMetaInfo::nextTagIsMeta(): Jörg Riesmeier
09:38 Bug #1209: Low severity short read in DcmMetaInfo::nextTagIsMeta(): Fixed with commit e267be7ff. Jörg Riesmeier

2026-05-25

12:21 Bug #1212 (Closed): NULL dereference in json2dcm: Marco Eichelberg
12:02 Bug #1213: RLE decodeFrame() Heap-OOB Read: This issue has been registered as CVE-2026-44034. Marco Eichelberg
12:01 Bug #1214: Unbounded recursion in XMLParser library: This issue has been registered as CVE-2026-44033. Marco Eichelberg
12:01 Bug #1191: Stack Overflow via Deeply Nested DICOM Sequences: This issue has been registered as CVE-2026-44031. Marco Eichelberg
12:00 Bug #1194: OS command injection vulnerability in storescp --exec-on-reception: This issue has been registered as CVE-2026-44030. Marco Eichelberg

2026-05-24

19:22 Bug #1214 (Closed): Unbounded recursion in XMLParser library: Closed by commit #d12e350e6.
Marco Eichelberg
19:19 Bug #1214 (Closed): Unbounded recursion in XMLParser library: The methods @XMLNode::ParseXMLElement()@ and @XMLNode::emptyTheNode()@ in @ofstd/libsrc/ofxml.cc@ recurse on the stac... Marco Eichelberg

2026-05-23

18:05 Bug #1213 (Closed): RLE decodeFrame() Heap-OOB Read: Closed by commit #45469f3c3.
Marco Eichelberg
18:02 Bug #1213 (Closed): RLE decodeFrame() Heap-OOB Read: @DcmRLECodecDecoder::decodeFrame()@ (dcmdata/libsrc/dcrleccd.cc:583) calls @memcpy(rleHeader, rleData, 64)@ without v... Marco Eichelberg
17:08 Bug #1208 (Closed): Heap Buffer Overflow in XMLNode::parseFile() - ofxml.cc: Closed by commit #1d4b3815c.
Marco Eichelberg

2026-05-22

09:30 Feature #1146 (Closed): Add character set options to dcm2json: Marco Eichelberg

« Previous

Also available in: Atom