FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gdcm -- multiple vulnerabilities

Affected packages
gdcm < 2.6.2

Details

VuXML ID: e00d8b94-c88a-11e5-b5fe-002590263bf5
Discovery: 2015-12-23
Entry: 2016-02-01

CENSUS S.A. reports:

GDCM versions 2.6.0 and 2.6.1 (and possibly previous versions) are prone to an integer overflow vulnerability which leads to a buffer overflow and potentially to remote code execution.

GDCM versions 2.6.0 and 2.6.1 (and possibly previous versions) are prone to an out-of-bounds read vulnerability due to missing checks.

References

CVE Name: CVE-2015-8396
CVE Name: CVE-2015-8397
URL: http://census-labs.com/news/2016/01/11/gdcm-buffer-overflow-imageregionreaderreadintobuffer/
URL: http://census-labs.com/news/2016/01/11/gdcm-out-bounds-read-jpeglscodec-decodeextent/