{"url":"http://public2.vulnerablecode.io/api/packages/42926?format=json","purl":"pkg:deb/debian/gdcm@2.6.2-1?distro=trixie","type":"deb","namespace":"debian","name":"gdcm","version":"2.6.2-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"3.0.24-1","latest_non_vulnerable_version":"3.0.24-10","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204130?format=json","vulnerability_id":"VCID-7zx6-6rym-dfcw","summary":"The JPEGLSCodec::DecodeExtent function in MediaStorageAndFileFormat/gdcmJPEGLSCodec.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (application crash) via an embedded JPEG-LS image with dimensions larger than the selected region in a (1) two-dimensional or (2) three-dimensional DICOM image file, which triggers an out-of-bounds read.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8397","reference_id":"","reference_type":"","scores":[{"value":"0.02058","scoring_system":"epss","scoring_elements":"0.84268","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8397"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8397","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8397"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42926?format=json","purl":"pkg:deb/debian/gdcm@2.6.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdcm@2.6.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/42923?format=json","purl":"pkg:deb/debian/gdcm@3.0.8-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27sr-st7r-83an"},{"vulnerability":"VCID-2amt-drep-r3e8"},{"vulnerability":"VCID-cc14-jg4j-u7fv"},{"vulnerability":"VCID-seux-fpcc-7bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdcm@3.0.8-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/42921?format=json","purl":"pkg:deb/debian/gdcm@3.0.21-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27sr-st7r-83an"},{"vulnerability":"VCID-2amt-drep-r3e8"},{"vulnerability":"VCID-cc14-jg4j-u7fv"},{"vulnerability":"VCID-seux-fpcc-7bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdcm@3.0.21-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/42925?format=json","purl":"pkg:deb/debian/gdcm@3.0.24-5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cc14-jg4j-u7fv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdcm@3.0.24-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/42924?format=json","purl":"pkg:deb/debian/gdcm@3.0.24-10?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdcm@3.0.24-10%3Fdistro=trixie"}],"aliases":["CVE-2015-8397"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7zx6-6rym-dfcw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204129?format=json","vulnerability_id":"VCID-mugm-4sew-g3gg","summary":"Integer overflow in the ImageRegionReader::ReadIntoBuffer function in MediaStorageAndFileFormat/gdcmImageRegionReader.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows attackers to execute arbitrary code via crafted header dimensions in a DICOM image file, which triggers a buffer overflow.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8396","reference_id":"","reference_type":"","scores":[{"value":"0.18738","scoring_system":"epss","scoring_elements":"0.95436","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8396"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/39229.cpp","reference_id":"CVE-2015-8396;OSVDB-131597","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/39229.cpp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42926?format=json","purl":"pkg:deb/debian/gdcm@2.6.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdcm@2.6.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/42923?format=json","purl":"pkg:deb/debian/gdcm@3.0.8-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27sr-st7r-83an"},{"vulnerability":"VCID-2amt-drep-r3e8"},{"vulnerability":"VCID-cc14-jg4j-u7fv"},{"vulnerability":"VCID-seux-fpcc-7bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdcm@3.0.8-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/42921?format=json","purl":"pkg:deb/debian/gdcm@3.0.21-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27sr-st7r-83an"},{"vulnerability":"VCID-2amt-drep-r3e8"},{"vulnerability":"VCID-cc14-jg4j-u7fv"},{"vulnerability":"VCID-seux-fpcc-7bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdcm@3.0.21-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/42925?format=json","purl":"pkg:deb/debian/gdcm@3.0.24-5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cc14-jg4j-u7fv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdcm@3.0.24-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/42924?format=json","purl":"pkg:deb/debian/gdcm@3.0.24-10?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdcm@3.0.24-10%3Fdistro=trixie"}],"aliases":["CVE-2015-8396"],"risk_score":0.4,"exploitability":"2.0","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mugm-4sew-g3gg"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdcm@2.6.2-1%3Fdistro=trixie"}