ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2023.0083
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2023-0083)
Resumen:	The remote host is missing an update for the 'dcmtk' package(s) announced via the MGASA-2023-0083 advisory.
Descripción:	Summary: The remote host is missing an update for the 'dcmtk' package(s) announced via the MGASA-2023-0083 advisory. Vulnerability Insight: Gjoko Krstic discovered that DCMTK incorrectly handled buffers. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2015-8979) Omar Ganiev discovered that DCMTK incorrectly handled buffers. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2019-1010228) Jinsheng Ba discovered that DCMTK incorrectly handled certain requests. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2021-41687, CVE-2021-41688, CVE-2021-41689, and CVE-2021-41690) Sharon Brizinov and Noam Moshe discovered that DCMTK incorrectly handled certain inputs. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2022-2119 and CVE-2022-2120) Sharon Brizinov and Noam Moshe discovered that DCMTK incorrectly handled pointers. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2022-2121) It was discovered that DCMTK incorrectly handled certain inputs. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2022-43272) Affected Software/OS: 'dcmtk' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2021-41687 https://github.com/DCMTK/dcmtk https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb Common Vulnerability Exposure (CVE) ID: CVE-2021-41688 Common Vulnerability Exposure (CVE) ID: CVE-2021-41689 https://github.com/DCMTK/dcmtk/commit/5c14bf53fb42ceca12bbcc0016e8704b1580920d Common Vulnerability Exposure (CVE) ID: CVE-2021-41690 Common Vulnerability Exposure (CVE) ID: CVE-2022-2119 https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01 Common Vulnerability Exposure (CVE) ID: CVE-2022-2120 Common Vulnerability Exposure (CVE) ID: CVE-2022-2121 Common Vulnerability Exposure (CVE) ID: CVE-2022-43272 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMQ2USESKF6OAZAH64OFHNK2HJIJVGPP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HROBSUUV2LZCYUNODI2YM7G7AYYO75B/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3QG7MSHORLYAHDXMYG6FQKU4GOCRBCR/ https://github.com/songxpu/bug_report/tree/master/DCMTK/memory_leak_in_3.6.7 https://www.wolai.com/vaVuMxU4gGqFakbzvc9NYw
Copyright	Copyright (C) 2023 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.