dcmtk-3.6.9-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:15885 Final 1 1 2025-02-20T00:00:00Z current 2025-02-20T00:00:00Z 2025-02-20T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z dcmtk-3.6.9-2.1 on GA media These are all security issues fixed in the dcmtk-3.6.9-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-15885 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-25472/ SUSE CVE CVE-2025-25472 page https://www.suse.com/security/cve/CVE-2025-25474/ SUSE CVE CVE-2025-25474 page https://www.suse.com/security/cve/CVE-2025-25475/ SUSE CVE CVE-2025-25475 page openSUSE Tumbleweed dcmtk-3.6.9-2.1 dcmtk-devel-3.6.9-2.1 libdcmtk19-3.6.9-2.1 dcmtk-3.6.9-2.1 as a component of openSUSE Tumbleweed dcmtk-devel-3.6.9-2.1 as a component of openSUSE Tumbleweed libdcmtk19-3.6.9-2.1 as a component of openSUSE Tumbleweed A buffer overflow in DCMTK git master v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DCM file. CVE-2025-25472 openSUSE Tumbleweed:dcmtk-3.6.9-2.1 openSUSE Tumbleweed:dcmtk-devel-3.6.9-2.1 openSUSE Tumbleweed:libdcmtk19-3.6.9-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-25472.html CVE-2025-25472 https://bugzilla.suse.com/1237369 SUSE Bug 1237369 DCMTK v3.6.9+ DEV was discovered to contain a buffer overflow via the component /dcmimgle/diinpxt.h. CVE-2025-25474 openSUSE Tumbleweed:dcmtk-3.6.9-2.1 openSUSE Tumbleweed:dcmtk-devel-3.6.9-2.1 openSUSE Tumbleweed:libdcmtk19-3.6.9-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-25474.html CVE-2025-25474 https://bugzilla.suse.com/1237365 SUSE Bug 1237365 A NULL pointer dereference in the component /libsrc/dcrleccd.cc of DCMTK v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DICOM file. CVE-2025-25475 openSUSE Tumbleweed:dcmtk-3.6.9-2.1 openSUSE Tumbleweed:dcmtk-devel-3.6.9-2.1 openSUSE Tumbleweed:libdcmtk19-3.6.9-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-25475.html CVE-2025-25475 https://bugzilla.suse.com/1237355 SUSE Bug 1237355