Security update for dcmtk SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:0068-1 Final 1 1 2025-02-20T08:42:03Z current 2025-02-20T08:42:03Z 2025-02-20T08:42:03Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for dcmtk This update for dcmtk fixes the following issues: - CVE-2025-25472: Fixed a denial of service via a crafted DCM file (boo#1237369). - CVE-2025-25474: Fixed a denial of service via a crafted DICOM file (boo#1237365). - CVE-2025-25475: Fixed a buffer overflow via the component /dcmimgle/diinpxt.h (boo#1237355). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2025-68 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KAE4A7GATAL6JEEG3UTXCDTV3MRMCJX2/ E-Mail link for openSUSE-SU-2025:0068-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1237355 SUSE Bug 1237355 https://bugzilla.suse.com/1237365 SUSE Bug 1237365 https://bugzilla.suse.com/1237369 SUSE Bug 1237369 https://www.suse.com/security/cve/CVE-2025-25472/ SUSE CVE CVE-2025-25472 page https://www.suse.com/security/cve/CVE-2025-25474/ SUSE CVE CVE-2025-25474 page https://www.suse.com/security/cve/CVE-2025-25475/ SUSE CVE CVE-2025-25475 page SUSE Package Hub 15 SP6 openSUSE Leap 15.6 dcmtk-3.6.9-bp156.4.6.1 dcmtk-devel-3.6.9-bp156.4.6.1 libdcmtk19-3.6.9-bp156.4.6.1 dcmtk-3.6.9-bp156.4.6.1 as a component of SUSE Package Hub 15 SP6 dcmtk-devel-3.6.9-bp156.4.6.1 as a component of SUSE Package Hub 15 SP6 libdcmtk19-3.6.9-bp156.4.6.1 as a component of SUSE Package Hub 15 SP6 dcmtk-3.6.9-bp156.4.6.1 as a component of openSUSE Leap 15.6 dcmtk-devel-3.6.9-bp156.4.6.1 as a component of openSUSE Leap 15.6 libdcmtk19-3.6.9-bp156.4.6.1 as a component of openSUSE Leap 15.6 A buffer overflow in DCMTK git master v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DCM file. CVE-2025-25472 SUSE Package Hub 15 SP6:dcmtk-3.6.9-bp156.4.6.1 SUSE Package Hub 15 SP6:dcmtk-devel-3.6.9-bp156.4.6.1 SUSE Package Hub 15 SP6:libdcmtk19-3.6.9-bp156.4.6.1 openSUSE Leap 15.6:dcmtk-3.6.9-bp156.4.6.1 openSUSE Leap 15.6:dcmtk-devel-3.6.9-bp156.4.6.1 openSUSE Leap 15.6:libdcmtk19-3.6.9-bp156.4.6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KAE4A7GATAL6JEEG3UTXCDTV3MRMCJX2/ https://www.suse.com/security/cve/CVE-2025-25472.html CVE-2025-25472 https://bugzilla.suse.com/1237369 SUSE Bug 1237369 DCMTK v3.6.9+ DEV was discovered to contain a buffer overflow via the component /dcmimgle/diinpxt.h. CVE-2025-25474 SUSE Package Hub 15 SP6:dcmtk-3.6.9-bp156.4.6.1 SUSE Package Hub 15 SP6:dcmtk-devel-3.6.9-bp156.4.6.1 SUSE Package Hub 15 SP6:libdcmtk19-3.6.9-bp156.4.6.1 openSUSE Leap 15.6:dcmtk-3.6.9-bp156.4.6.1 openSUSE Leap 15.6:dcmtk-devel-3.6.9-bp156.4.6.1 openSUSE Leap 15.6:libdcmtk19-3.6.9-bp156.4.6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KAE4A7GATAL6JEEG3UTXCDTV3MRMCJX2/ https://www.suse.com/security/cve/CVE-2025-25474.html CVE-2025-25474 https://bugzilla.suse.com/1237365 SUSE Bug 1237365 A NULL pointer dereference in the component /libsrc/dcrleccd.cc of DCMTK v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DICOM file. CVE-2025-25475 SUSE Package Hub 15 SP6:dcmtk-3.6.9-bp156.4.6.1 SUSE Package Hub 15 SP6:dcmtk-devel-3.6.9-bp156.4.6.1 SUSE Package Hub 15 SP6:libdcmtk19-3.6.9-bp156.4.6.1 openSUSE Leap 15.6:dcmtk-3.6.9-bp156.4.6.1 openSUSE Leap 15.6:dcmtk-devel-3.6.9-bp156.4.6.1 openSUSE Leap 15.6:libdcmtk19-3.6.9-bp156.4.6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KAE4A7GATAL6JEEG3UTXCDTV3MRMCJX2/ https://www.suse.com/security/cve/CVE-2025-25475.html CVE-2025-25475 https://bugzilla.suse.com/1237355 SUSE Bug 1237355