Package details: pkg:deb/debian/gdcm@3.0.21-1?distro=trixie
purl pkg:deb/debian/gdcm@3.0.21-1?distro=trixie
Next non-vulnerable version 3.0.24-1
Latest non-vulnerable version 3.0.24-9
Risk 3.6
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-3fc5-33n7-pkeq
Aliases:
CVE-2025-11266
GDCM: Grassroots DICOM: Grassroots DICOM (GDCM): Denial of Service via malformed DICOM file parsing
3.0.24-8
Affected by 0 other vulnerabilities.
3.0.24-9
Affected by 0 other vulnerabilities.
VCID-6xue-7ryt-9fa3
Aliases:
CVE-2024-25569
An out-of-bounds read vulnerability exists in the RAWCodec::DecodeBytes functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to an out-of-bounds read. An attacker can provide a malicious file to trigger this vulnerability.
3.0.24-1
Affected by 0 other vulnerabilities.
3.0.24-5
Affected by 1 other vulnerability.
3.0.24-9
Affected by 0 other vulnerabilities.
VCID-m1ah-vyz4-57dc
Aliases:
CVE-2024-22391
A heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
3.0.24-1
Affected by 0 other vulnerabilities.
3.0.24-5
Affected by 1 other vulnerability.
3.0.24-9
Affected by 0 other vulnerabilities.
VCID-sgsd-p8ts-r7gn
Aliases:
CVE-2024-22373
An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
3.0.24-1
Affected by 0 other vulnerabilities.
3.0.24-5
Affected by 1 other vulnerability.
3.0.24-9
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (4)
Vulnerability Summary Aliases
VCID-4zzy-q5zp-jkgm A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrusted XML document (for example through mod_dav) may be able to cause a crash. This crash would only be a denial of service if using the worker MPM. CVE-2009-3720
VCID-f2hr-w48s-k3ha Integer overflow in the ImageRegionReader::ReadIntoBuffer function in MediaStorageAndFileFormat/gdcmImageRegionReader.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows attackers to execute arbitrary code via crafted header dimensions in a DICOM image file, which triggers a buffer overflow. CVE-2015-8396
VCID-fz53-7wyn-qubv The JPEGLSCodec::DecodeExtent function in MediaStorageAndFileFormat/gdcmJPEGLSCodec.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (application crash) via an embedded JPEG-LS image with dimensions larger than the selected region in a (1) two-dimensional or (2) three-dimensional DICOM image file, which triggers an out-of-bounds read. CVE-2015-8397
VCID-qtav-hqnd-b7fa A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrusted XML document (for example through mod_dav) may be able to cause a crash. This crash would only be a denial of service if using the worker MPM. CVE-2009-3560

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T13:04:45.632572+00:00 Debian Importer Fixing VCID-4zzy-q5zp-jkgm https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:40:06.584941+00:00 Debian Importer Fixing VCID-f2hr-w48s-k3ha https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:37:34.956741+00:00 Debian Importer Fixing VCID-fz53-7wyn-qubv https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:06:47.525233+00:00 Debian Importer Fixing VCID-qtav-hqnd-b7fa https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T08:59:34.128914+00:00 Debian Importer Fixing VCID-4zzy-q5zp-jkgm https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:40:57.377565+00:00 Debian Importer Fixing VCID-f2hr-w48s-k3ha https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:55:26.238247+00:00 Debian Importer Fixing VCID-fz53-7wyn-qubv https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:06:17.198772+00:00 Debian Importer Fixing VCID-qtav-hqnd-b7fa https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:24:25.780611+00:00 Debian Importer Affected by VCID-3fc5-33n7-pkeq https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:24:25.727512+00:00 Debian Importer Affected by VCID-6xue-7ryt-9fa3 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:24:25.675495+00:00 Debian Importer Affected by VCID-m1ah-vyz4-57dc https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:24:25.622105+00:00 Debian Importer Affected by VCID-sgsd-p8ts-r7gn https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:24:25.573561+00:00 Debian Importer Fixing VCID-fz53-7wyn-qubv https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:24:25.531524+00:00 Debian Importer Fixing VCID-f2hr-w48s-k3ha https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:24:25.485185+00:00 Debian Importer Fixing VCID-4zzy-q5zp-jkgm https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:24:25.432961+00:00 Debian Importer Fixing VCID-qtav-hqnd-b7fa https://security-tracker.debian.org/tracker/data/json 38.1.0