Offis DCMTK up to 3.6.3 Image Conversion dcrledec.h decompress() DICOM File memory corruption – DigitalMunition




Exploit Cybersecurity study of the dark web exposes vulnerability to machine identities -- ScienceDaily

Published on July 23rd, 2019 📆 | 7065 Views ⚑

0

Offis DCMTK up to 3.6.3 Image Conversion dcrledec.h decompress() DICOM File memory corruption

CVSS Meta Temp Score Current Exploit Price (≈)
5.3 $0-$5k

A vulnerability was found in Offis DCMTK up to 3.6.3 and classified as critical. Affected by this issue is the function DcmRLEDecoder::decompress() of the file dcrledec.h of the component Image Conversion. The manipulation as part of a DICOM File leads to a memory corruption vulnerability (Code Execution). Using CWE to declare the problem leads to CWE-119. Impacted is confidentiality, integrity, and availability.

The weakness was released 07/22/2019. This vulnerability is handled as CVE-2019-1010228 since 03/20/2019. There are known technical details, but no exploit is available.

Upgrading to version 3.6.4 Commit 40917614e eliminates this vulnerability.

Vendor

Name

VulDB Meta Base Score: 5.5
VulDB Meta Temp Score: 5.3

VulDB Base Score: ≈5.5
VulDB Temp Score: ≈5.3
VulDB Vector: 🔒
VulDB Reliability: 🔍

VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Class: Memory corruption / Code Execution (CWE-119)
Local: Yes
Remote: No

Availability: 🔒
Status: Not defined

Price Prediction: 🔍
Current Price Estimation: 🔒

Threat Intelligenceinfoedit

Threat: 🔍
Adversaries: 🔍
Geopolitics: 🔍
Economy: 🔍
Predictions: 🔍
Remediation: 🔍Recommended: Upgrade
Status: 🔍

0-Day Time: 🔒

Upgrade: DCMTK 3.6.4 Commit 40917614e

03/20/2019 CVE assigned
07/22/2019 +124 days Advisory disclosed
07/23/2019 +1 days VulDB entry created
07/23/2019 +0 days VulDB last update
CVE: CVE-2019-1010228 (🔒)Created: 07/23/2019 06:36 AM
Complete: 🔍

Download it now for free!

https://vuldb.com/?id.138416

Download Premium WordPress Themes Free
Download Nulled WordPress Themes
Download Nulled WordPress Themes
Download WordPress Themes Free
udemy course download free

Tagged with:



Leave a Reply ✍


loading...