Package details: pkg:deb/debian/gdcm@3.0.24-5?distro=trixie
purl pkg:deb/debian/gdcm@3.0.24-5?distro=trixie
Next non-vulnerable version 3.0.24-8
Latest non-vulnerable version 3.0.24-9
Risk 3.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-3fc5-33n7-pkeq (Aliases: CVE-2025-11266) GDCM: Grassroots DICOM: Grassroots DICOM (GDCM): Denial of Service via malformed DICOM file parsing 3.0.24-8 (Affected by 0 other vulnerabilities.), 3.0.24-9 (Affected by 0 other vulnerabilities.)
Vulnerabilities fixed by this package (7)
Vulnerability Summary Aliases
VCID-4zzy-q5zp-jkgm A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrusted XML document (for example through mod_dav) may be able to cause a crash. This crash would only be a denial of service if using the worker MPM. CVE-2009-3720
VCID-6xue-7ryt-9fa3 An out-of-bounds read vulnerability exists in the RAWCodec::DecodeBytes functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to an out-of-bounds read. An attacker can provide a malicious file to trigger this vulnerability. CVE-2024-25569
VCID-f2hr-w48s-k3ha Integer overflow in the ImageRegionReader::ReadIntoBuffer function in MediaStorageAndFileFormat/gdcmImageRegionReader.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows attackers to execute arbitrary code via crafted header dimensions in a DICOM image file, which triggers a buffer overflow. CVE-2015-8396
VCID-fz53-7wyn-qubv The JPEGLSCodec::DecodeExtent function in MediaStorageAndFileFormat/gdcmJPEGLSCodec.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (application crash) via an embedded JPEG-LS image with dimensions larger than the selected region in a (1) two-dimensional or (2) three-dimensional DICOM image file, which triggers an out-of-bounds read. CVE-2015-8397
VCID-m1ah-vyz4-57dc A heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. CVE-2024-22391
VCID-qtav-hqnd-b7fa A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrusted XML document (for example through mod_dav) may be able to cause a crash. This crash would only be a denial of service if using the worker MPM. CVE-2009-3560
VCID-sgsd-p8ts-r7gn An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. CVE-2024-22373

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-13T08:59:34.135593+00:00 Debian Importer Fixing VCID-4zzy-q5zp-jkgm https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:40:57.382395+00:00 Debian Importer Fixing VCID-f2hr-w48s-k3ha https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:55:26.240824+00:00 Debian Importer Fixing VCID-fz53-7wyn-qubv https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:06:17.205180+00:00 Debian Importer Fixing VCID-qtav-hqnd-b7fa https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:24:25.784630+00:00 Debian Importer Affected by VCID-3fc5-33n7-pkeq https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:24:25.759323+00:00 Debian Importer Fixing VCID-6xue-7ryt-9fa3 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:24:25.707191+00:00 Debian Importer Fixing VCID-m1ah-vyz4-57dc https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:24:25.655222+00:00 Debian Importer Fixing VCID-sgsd-p8ts-r7gn https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:24:25.601055+00:00 Debian Importer Fixing VCID-fz53-7wyn-qubv https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:24:25.559716+00:00 Debian Importer Fixing VCID-f2hr-w48s-k3ha https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:24:25.517562+00:00 Debian Importer Fixing VCID-4zzy-q5zp-jkgm https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:24:25.469235+00:00 Debian Importer Fixing VCID-qtav-hqnd-b7fa https://security-tracker.debian.org/tracker/data/json 38.1.0