Activity
From 2026-06-25 to 2026-07-24
2026-07-06
-
20:31 Bug #1242: Out-of-bounds read decoding 3-component JPEG-LS images
- Fixed with commit 4c84db4702249593d2fb7f9bc3c90bc7185ababb.
-
20:31 Bug #1241: Double free of palette color LUT
- Fixed with commit 99bae4afd570be5f8167dc1d5f48932c00e7346e.
-
20:30 Bug #1240: Heap buffer overflow in multi-frame overlay conversion.
- Fixed with commit d0a6f8afaecc676dfc8e36a0ee1a729455a7f74f.
-
20:29 Bug #1239: Out of bounds access into Lookup Table on big endian machines
- Fixed with commit 87cccaa50770a00169cf59ec18c63d42175a8d1d.
-
20:28 Bug #1238: Out-of-bounds read in JPEG-LS scan header parsing
- Fixed with commit 345572c45a3767ed25b15c8cf11d4e711cd3d348.
-
20:27 Bug #1237: DcmRLECodecDecoder::decodeFrame() out of bounds access
- Fixed with commit 2846f2914a6132d58c8e35d4337fccc0e52e3fe7.
-
19:17 Bug #1247 (Closed): SYSS-2026-050: Unbounded VM allocation in textual value import
-
19:17 Bug #1246 (Closed): SYSS-2026-049: Integer overflow in RLE encoder size check
-
19:17 Bug #1245 (Closed): SYSS-2026-048: Heap buffer overflow in xml2dcm binary file import
-
19:17 Bug #1244 (Closed): SYSS-2026-047: Path traversal in dcmsend --read-from-dicomdir
-
19:17 Bug #1243 (Closed): SYSS-2026-046: Integer overflow in DICOMDIR PGM icon loading
2026-07-03
-
14:32 Bug #1247 (Resolved): SYSS-2026-050: Unbounded VM allocation in textual value import
- Fixed with commit 9cb99f1b0279e3e40243a8b9bd974edf78597a14
-
12:42 Bug #1247 (Closed): SYSS-2026-050: Unbounded VM allocation in textual value import
- As reported by Matthias Deeg (SySS GmbH):
h1. SYSS-2026-050 — Unbounded VM allocation in textual value import
|... -
14:32 Bug #1246 (Resolved): SYSS-2026-049: Integer overflow in RLE encoder size check
- Fixed with commit 7e9a836672baad9e3b03fcde160d5e16de681bd5
-
12:42 Bug #1246 (Closed): SYSS-2026-049: Integer overflow in RLE encoder size check
- As reported by Matthias Deeg (SySS GmbH):
h1. SYSS-2026-049 — Integer overflow in RLE encoder size check
|_. Fi... -
14:32 Bug #1245 (Resolved): SYSS-2026-048: Heap buffer overflow in xml2dcm binary file import
- Fixed with commit ebeafd016bcef34021111550cc2a644129d89825
-
12:41 Bug #1245 (Closed): SYSS-2026-048: Heap buffer overflow in xml2dcm binary file import
- As reported by Matthias Deeg (SySS GmbH):
h1. SYSS-2026-048 — Heap buffer overflow in xml2dcm binary file import
... -
14:32 Bug #1244 (Resolved): SYSS-2026-047: Path traversal in dcmsend --read-from-dicomdir
- Fixed with commit 225ff1e0e42efcac64a5275e8f06ade14ca509b5
-
12:39 Bug #1244 (Closed): SYSS-2026-047: Path traversal in dcmsend --read-from-dicomdir
- As reported by Matthias Deeg (SySS GmbH):
h1. SYSS-2026-047 — Path traversal in dcmsend --read-from-dicomdir
|_... -
14:32 Bug #1243 (Resolved): SYSS-2026-046: Integer overflow in DICOMDIR PGM icon loading
- Fixed with commit 534e146b672ccd13d1a2b134ef623840e775396a
-
12:28 Bug #1243 (Closed): SYSS-2026-046: Integer overflow in DICOMDIR PGM icon loading
- As reported by Matthias Deeg (SySS GmbH):
h1. SYSS-2026-046 — Integer overflow in DICOMDIR PGM icon loading
|_.... -
11:16 Bug #1242 (Closed): Out-of-bounds read decoding 3-component JPEG-LS images
- Fixed with commit 4c84db4702249593d2fb7f9bc3c90bc7185ababb.
-
10:46 Bug #1242 (Closed): Out-of-bounds read decoding 3-component JPEG-LS images
- As reported by quellsec.dev:
h2. Summary
Heap out-of-bounds read in CharLS TransformLine: the SOS scan uses the... -
11:15 Bug #1241 (Closed): Double free of palette color LUT
- Closed with commit 99bae4afd570be5f8167dc1d5f48932c00e7346e.
-
10:40 Bug #1241 (Closed): Double free of palette color LUT
- As reported by quellsec.dev:
h1. DCMTK: double-free of palette-color LUT data in IODPaletteColorLUTModule::checkDa... -
11:14 Bug #1240 (Closed): Heap buffer overflow in multi-frame overlay conversion.
- Fixed with commit d0a6f8afaecc676dfc8e36a0ee1a729455a7f74f.
-
10:36 Bug #1240 (Closed): Heap buffer overflow in multi-frame overlay conversion.
- As reported by quellsec.dev:
h2. Summary
@DiOverlayPlane::create6xxx3000Data@ sizes its output buffer as a sing... -
11:12 Bug #1239 (Closed): Out of bounds access into Lookup Table on big endian machines
- Fixed with commit 87cccaa50770a00169cf59ec18c63d42175a8d1d.
-
10:26 Bug #1239 (Closed): Out of bounds access into Lookup Table on big endian machines
- As reported by quellsec.dev:
h2. Summary
On big-endian hosts, @DiLookupTable::checkTable@ expands an 8-bit-allo... -
11:11 Bug #1238 (Closed): Out-of-bounds read in JPEG-LS scan header parsing
- Fixed in commit 345572c45a3767ed25b15c8cf11d4e711cd3d348
-
10:18 Bug #1238 (Closed): Out-of-bounds read in JPEG-LS scan header parsing
- Issue as reported by quellsec.dev:
h2. Summary
The bundled CharLS JPEG-LS decoder reads an attacker-controlled ... -
11:10 Bug #1237 (Closed): DcmRLECodecDecoder::decodeFrame() out of bounds access
-
11:09 Bug #1237: DcmRLECodecDecoder::decodeFrame() out of bounds access
- Fixed in commit 2846f2914a6132d58c8e35d4337fccc0e52e3fe7.
-
10:08 Bug #1237 (Closed): DcmRLECodecDecoder::decodeFrame() out of bounds access
- h2. Summary
@DcmRLECodecDecoder::decodeFrame@ reads one byte before a heap allocation when the last RLE stripe dec...
2026-07-02
-
22:27 Bug #1236 (Closed): Out of bounds read in dcmqrdb's deleteOldestImages() method
-
22:26 Bug #1236: Out of bounds read in dcmqrdb's deleteOldestImages() method
- Closed by commit bd8163.
2026-06-26
-
07:57 Bug #1233 (Closed): Access-control gap in dcmqrscp
-
07:56 Bug #1227 (Closed): Fix potential heap overflow with DNS resolve result
-
07:56 Bug #1229 (Closed): Heap Overflow in DB_DuplicateElement (dcmqrdb)
-
07:56 Bug #1228 (Closed): Heap overflow when computing PDU length + safety margin
-
07:56 Bug #1230 (Closed): Potential DoS via mutlipe User Identity Negotiation sub-items
-
07:56 Bug #1231 (Closed): Out-of-bounds read in OFStandard::sanitizeFilename()
-
07:55 Bug #1232 (Closed): Potential NUL-termination missing in use of strncpy
-
07:55 Bug #1234 (Closed): Remote unauthenticated memory-leak DoS in parseAssociate() presentation-context error path
-
07:55 Bug #1235 (Closed): Stack buffer overflow in dcmqrscp QR Level handling
Also available in: Atom