Test ID:	1.3.6.1.4.1.25623.1.1.12.2024.7010.1
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-7010-1)
Summary:	The remote host is missing an update for the 'dcmtk' package(s) announced via the USN-7010-1 advisory.
Description:	Summary: The remote host is missing an update for the 'dcmtk' package(s) announced via the USN-7010-1 advisory. Vulnerability Insight: Jinsheng Ba discovered that DCMTK incorrectly handled certain requests. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-41687, CVE-2021-41688, CVE-2021-41689, CVE-2021-41690) Sharon Brizinov and Noam Moshe discovered that DCMTK incorrectly handled pointers. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2022-2121) It was discovered that DCMTK incorrectly handled certain inputs. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2022-43272) It was discovered that DCMTK incorrectly handled certain inputs. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. This issue was only addressed in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2024-28130) It was discovered that DCMTK incorrectly handled memory when processing an invalid incoming DIMSE message. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-34508, CVE-2024-34509) Affected Software/OS: 'dcmtk' package(s) on Ubuntu 16.04, Ubuntu 18.04, Ubuntu 20.04, Ubuntu 22.04, Ubuntu 24.04. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2021-41687 https://github.com/DCMTK/dcmtk https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb Common Vulnerability Exposure (CVE) ID: CVE-2021-41688 Common Vulnerability Exposure (CVE) ID: CVE-2021-41689 https://github.com/DCMTK/dcmtk/commit/5c14bf53fb42ceca12bbcc0016e8704b1580920d Common Vulnerability Exposure (CVE) ID: CVE-2021-41690 Common Vulnerability Exposure (CVE) ID: CVE-2022-2121 https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01 Common Vulnerability Exposure (CVE) ID: CVE-2022-43272 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMQ2USESKF6OAZAH64OFHNK2HJIJVGPP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HROBSUUV2LZCYUNODI2YM7G7AYYO75B/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3QG7MSHORLYAHDXMYG6FQKU4GOCRBCR/ https://github.com/songxpu/bug_report/tree/master/DCMTK/memory_leak_in_3.6.7 https://www.wolai.com/vaVuMxU4gGqFakbzvc9NYw Common Vulnerability Exposure (CVE) ID: CVE-2024-28130 https://talosintelligence.com/vulnerability_reports/TALOS-2024-1957 Common Vulnerability Exposure (CVE) ID: CVE-2024-34508 https://github.com/DCMTK/dcmtk/commit/c78e434c0c5f9d932874f0b17a8b4ce305ca01f5 https://support.dcmtk.org/redmine/issues/1114 Common Vulnerability Exposure (CVE) ID: CVE-2024-34509
Copyright	Copyright (C) 2024 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.