Debian dla-4652 : gdcm-doc - security update

high Nessus Plugin ID 323102

Synopsis

The remote Debian host is missing one or more security-related updates.

Description

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4652 advisory.

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4652-1                        [email protected]
https://www.debian.org/lts/security/                       Emmanuel Arias
June 26, 2026                                 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : gdcm
Version        : 3.0.8-2+deb11u1
CVE ID         : CVE-2024-22373 CVE-2024-22391 CVE-2024-25569 CVE-2025-11266
                 CVE-2025-48429 CVE-2025-52582 CVE-2025-53618 CVE-2025-53619
                 CVE-2026-3650
Debian Bug     : 1070387 1122862 1123576 1123587 1123589 1132042

Multiple vulnerabilities were discovered in gdcm, a C++ library for working with DICOM medical files:

CVE-2024-22373

An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionality. A specially crafted DICOM file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2024-22391

A heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT functionality. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2024-25569

An out-of-bounds read vulnerability exists in the RAWCodec::DecodeBytes functionality. A specially crafted DICOM file can lead to an out-of-bounds read. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2025-11266

An out-of-bounds write vulnerability exists in the parsing of a malformed DICOM file containing encapsulated PixelData fragments (compressed image data stored as multiple fragments). This vulnerability leads to a segmentation fault caused by an out-of-bounds memory access due to an unsigned integer underflow in buffer indexing. It is exploitable via file input: simply opening a crafted malicious DICOM file is sufficient to trigger the crash, resulting in a denial-of-service condition.

CVE-2025-48429

An out-of-bounds read vulnerability exists in the RLECodec::DecodeByStreams functionality. A specially crafted DICOM file can lead to leaking heap data. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2025-52582

An out-of-bounds read vulnerability exists in the Overlay::GrabOverlayFromPixelData functionality. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2025-53618

An out-of-bounds read vulnerability exists in the JPEGBITSCodec::InternalCode functionality. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability. The function grayscale_convert is called based on the value of the malicious DICOM file specifying the intended interpretation of the image pixel data.

CVE-2025-53619

An out-of-bounds read vulnerability exists in the JPEGBITSCodec::InternalCode functionality. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability. The function null_convert is called based on the value of the malicious DICOM file specifying the intended interpretation of the image pixel data.

CVE-2026-3650

A memory leak exists when parsing malformed DICOM files with non-standard VR types in file meta information. The vulnerability leads to vast memory allocations and resource depletion, triggering a denial-of-service condition. A maliciously crafted file can fill the heap in a single read operation without properly releasing it.

For Debian 11 bullseye, these problems have been fixed in version 3.0.8-2+deb11u1.

We recommend that you upgrade your gdcm packages.

For the detailed security status of gdcm please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/gdcm

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the gdcm-doc packages.

See Also

https://packages.debian.org/source/bullseye/gdcm

https://security-tracker.debian.org/tracker/CVE-2024-22373

https://security-tracker.debian.org/tracker/CVE-2024-22391

https://security-tracker.debian.org/tracker/CVE-2024-25569

https://security-tracker.debian.org/tracker/CVE-2025-11266

https://security-tracker.debian.org/tracker/CVE-2025-48429

https://security-tracker.debian.org/tracker/CVE-2025-52582

https://security-tracker.debian.org/tracker/CVE-2025-53618

https://security-tracker.debian.org/tracker/CVE-2025-53619

https://security-tracker.debian.org/tracker/CVE-2026-3650

https://security-tracker.debian.org/tracker/source-package/gdcm

Plugin Details

Severity: High

ID: 323102

File Name: debian_DLA-4652.nasl

Version: 1.1

Type: Local

Agent: unix

Published: 6/26/2026

Updated: 6/26/2026

Supported Sensors: Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2024-22391

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS v4

Risk Factor: High

Base Score: 8.7

Threat Score: 7.7

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CVSS Score Source: CVE-2026-3650

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:libgdcm-java, cpe:/o:debian:debian_linux:11.0, p-cpe:/a:debian:debian_linux:libvtkgdcm-dev, p-cpe:/a:debian:debian_linux:libgdcm-dev, p-cpe:/a:debian:debian_linux:libvtkgdcm3.0, p-cpe:/a:debian:debian_linux:gdcm-doc, p-cpe:/a:debian:debian_linux:libgdcm3.0, p-cpe:/a:debian:debian_linux:libvtkgdcm-tools, p-cpe:/a:debian:debian_linux:libgdcm-cil, p-cpe:/a:debian:debian_linux:libgdcm-tools, p-cpe:/a:debian:debian_linux:libvtkgdcm-cil, p-cpe:/a:debian:debian_linux:python3-gdcm, p-cpe:/a:debian:debian_linux:python3-vtkgdcm, p-cpe:/a:debian:debian_linux:libvtkgdcm-java

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/26/2026

Vulnerability Publication Date: 4/25/2024

Reference Information

CVE: CVE-2024-22373, CVE-2024-22391, CVE-2024-25569, CVE-2025-11266, CVE-2025-48429, CVE-2025-52582, CVE-2025-53618, CVE-2025-53619, CVE-2026-3650