lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <5693649D.2050802@census-labs.com>
Date: Mon, 11 Jan 2016 10:15:25 +0200
From: Stelios Tsampas <stelios@...sus-labs.com>
To: oss-security@...ts.openwall.com
Cc: fulldisclosure@...lists.org, bugtraq@...urityfocus.com
Subject: CVE-2015-8396: GDCM buffer overflow in
 ImageRegionReader::ReadIntoBuffer

Grassroots DICOM (GDCM) is a C++ library for processing DICOM medical
images.
It provides routines to view and manipulate a wide range of image formats
and can be accessed through many popular programming languages like Python,
C#, Java and PHP.

GDCM versions 2.6.0 and 2.6.1 (and possibly previous versions) are prone
to an
integer overflow vulnerability which leads to a buffer overflow and
potentially to remote code execution. The vulnerability is triggered by the
exposed function gdcm::ImageRegionReader::ReadIntoBuffer, which copies
DICOM
image data to a buffer. ReadIntoBuffer checks whether the supplied
buffer is
large enough to hold the necessary data, however in this check it fails to
detect the occurrence of an integer overflow, which leads to a buffer
overflow
later on in the code. The buffer overflow will occur regardless of the
size of
the buffer supplied to the ReadIntoBuffer call.

More information about this vulnerability can be found at
http://census-labs.com/news/2016/01/11/gdcm-buffer-overflow-imageregionreaderreadintobuffer/

The GDCM project has released version 2.6.2 that addresses this issue.
It is advised to upgrade all GDCM installations to the latest stable
release.

Disclosure Timeline
-------------------
CVE assignment:    December 2nd, 2015
Vendor Contact:    December 4th, 2015
Vendor Patch Release: December 23rd, 2015
Public Advisory: January 11th, 2016

Regards,

Stelios Tsampas

IT Security Researcher
CENSUS S.A.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ