Vulnerability Description
OFFIS.de DCMTK 3.6.3 and below is affected by: Buffer Overflow. The impact is: Possible code execution and confirmed Denial of Service. The component is: DcmRLEDecoder::decompress() (file dcrledec.h, line 122). The attack vector is: Many scenarios of DICOM file processing (e.g. DICOM to image conversion). The fixed version is: 3.6.4, after commit 40917614e.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Offis | Dcmtk | <= 3.6.3 |
| Fedoraproject | Fedora | 29 |
Related Weaknesses (CWE)
References
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://support.dcmtk.org/redmine/issues/858ExploitThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://support.dcmtk.org/redmine/issues/858ExploitThird Party Advisory
FAQ
What is CVE-2019-1010228?
CVE-2019-1010228 is a vulnerability with a CVSS score of 9.8 (CRITICAL). OFFIS.de DCMTK 3.6.3 and below is affected by: Buffer Overflow. The impact is: Possible code execution and confirmed Denial of Service. The component is: DcmRLEDecoder::decompress() (file dcrledec.h, ...
How severe is CVE-2019-1010228?
CVE-2019-1010228 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-1010228?
Check the references section above for vendor advisories and patch information. Affected products include: Offis Dcmtk, Fedoraproject Fedora.