Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport security fixes to patched-DCMTK-3.6.6_20210115 #14

Merged
merged 2 commits into from
Oct 28, 2024
Merged

Backport security fixes to patched-DCMTK-3.6.6_20210115 #14

merged 2 commits into from
Oct 28, 2024

Conversation

malbi
Copy link

@malbi malbi commented Apr 19, 2024

Backport security fixes from the following post https://forum.dcmtk.org/viewtopic.php?t=5192 because of the folowing CVE: CVE-2022-2119 and CVE-2022-2120

@malbi
Copy link
Author

malbi commented Apr 19, 2024

This pull request is meant to be integrated at least in CTK and 3DSlicer. I know that there is work in progress for upgrading DCMTK to the latest version in these projects (Slicer/Slicer#6709) but I would like to know if this can be a step in the mean time.

@malbi
Copy link
Author

malbi commented May 30, 2024

Hi, please let me know if this PR is relevant or if we need to close it.

@thewtex
Copy link

thewtex commented Jun 7, 2024

@jcfr push this branch into commontk?

@thewtex thewtex mentioned this pull request Jun 7, 2024
Merged
Marco Eichelberg and others added 2 commits October 28, 2024 17:46
@malbi @jcfr
[Backport] Fixed possible NULL pointer dereference.
0ca4774 
Fixed a possible NULL pointer dereference that could occur when reading an
invalid DICOM file from stdin. Loading a file from the file system
and receiving data over a network connection were not affected by this bug.

Thanks to Sharon Brizinov and Noam Moshe from Claroty Research for the
bug report and sample file.

(cherry picked from commit DCMTK/dcmtk@3e996a2)

Co-authored-by: malbi <mathieualbi33@hotmail.fr>
@malbi @jcfr
[Backport] Fixed path traversal vulnerability.
8633090 
Thanks to Sharon Brizinov >sharon.b@claroty.com> and Noam Moshe from
Claroty Research for the bug report and sample files.

This closes DCMTK issue #1021.

(cherry picked from commit DCMTK/dcmtk@f06a867)

Co-authored-by: malbi <mathieualbi33@hotmail.fr>
@jcfr jcfr force-pushed the patched-DCMTK-3.6.6_20240418 branch from 119e1ae to 8633090 Compare October 28, 2024 21:47
@jcfr jcfr changed the title Patched dcmtk 3.6.6 20240418 Patched dcmtk 3.6.6 20210115 Oct 28, 2024
@jcfr jcfr changed the title Patched dcmtk 3.6.6 20210115 Backport security fixes to patched-DCMTK-3.6.6_20210115 Oct 28, 2024
@jcfr
Copy link
Member

jcfr commented Oct 28, 2024
edited
Loading

@malbi Thanks for the contribution 🙏 The proposed changes make sense 💯

Thanks for addressing the conflicts while cherry-picking those.

Warning

While we are conveniently using the branch name patched-DCMTK-3.6.6_20240418 in this pull request, the final integration branch is patched-DCMTK-3.6.6_20210115

@jcfr jcfr merged commit 11972ea into commontk:patched-DCMTK-3.6.6_20210115 Oct 28, 2024
This was referenced Oct 28, 2024
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@malbi @thewtex @jcfr