CVE-2024-22373 Common Vulnerabilities and Exposures

Upstream information

CVE-2024-22373 at MITRE

Description

An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v3 Scores
	SUSE
Base Score	8.1
Vector	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector	Network
Attack Complexity	High
Privileges Required	None
User Interaction	None
Scope	Unchanged
Confidentiality Impact	High
Integrity Impact	High
Availability Impact	High
CVSSv3 Version	3.1

SUSE Bugzilla entry: 1223398 [RESOLVED / FIXED]

SUSE Security Advisories:

openSUSE-SU-2024:0167-1, published Wed Jun 19 00:48:55 2024
openSUSE-SU-2024:0168-1, published Sat Aug 24 14:48:34 2024

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Package Hub 15 SP5	`gdcm >= 3.0.24-bp155.2.4.1` `gdcm-applications >= 3.0.24-bp155.2.4.1` `gdcm-devel >= 3.0.24-bp155.2.4.1` `gdcm-examples >= 3.0.24-bp155.2.4.1` `libgdcm3_0 >= 3.0.24-bp155.2.4.1` `libsocketxx1_2 >= 3.0.24-bp155.2.4.1` `python3-gdcm >= 3.0.24-bp155.2.4.1`	Patchnames: openSUSE-2024-167
SUSE Package Hub 15 SP6	`gdcm >= 3.0.24-bp156.2.4.1` `gdcm-applications >= 3.0.24-bp156.2.4.1` `gdcm-devel >= 3.0.24-bp156.2.4.1` `gdcm-examples >= 3.0.24-bp156.2.4.1` `libgdcm3_0 >= 3.0.24-bp156.2.4.1` `libsocketxx1_2 >= 3.0.24-bp156.2.4.1` `python3-gdcm >= 3.0.24-bp156.2.4.1`	Patchnames: openSUSE-2024-168
openSUSE Leap 15.5	`gdcm >= 3.0.24-bp155.2.4.1` `gdcm-applications >= 3.0.24-bp155.2.4.1` `gdcm-devel >= 3.0.24-bp155.2.4.1` `gdcm-examples >= 3.0.24-bp155.2.4.1` `libgdcm3_0 >= 3.0.24-bp155.2.4.1` `libsocketxx1_2 >= 3.0.24-bp155.2.4.1` `python3-gdcm >= 3.0.24-bp155.2.4.1`	Patchnames: openSUSE-2024-167
openSUSE Leap 15.6	`gdcm >= 3.0.24-bp156.2.4.1` `gdcm-applications >= 3.0.24-bp156.2.4.1` `gdcm-devel >= 3.0.24-bp156.2.4.1` `gdcm-examples >= 3.0.24-bp156.2.4.1` `libgdcm3_0 >= 3.0.24-bp156.2.4.1` `libsocketxx1_2 >= 3.0.24-bp156.2.4.1` `python3-gdcm >= 3.0.24-bp156.2.4.1`	Patchnames: openSUSE-2024-168

SUSE Timeline for this CVE

CVE page created: Thu Apr 25 18:00:10 2024
CVE page last modified: Sat Aug 24 15:59:51 2024