CVE-2024-34509

Publication date 5 May 2024

Last updated 17 September 2024

Ubuntu priority

dcmdata in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
dcmtk	24.10 oracular	Needs evaluation
	24.04 LTS noble	Fixed 3.6.7-9.1ubuntu0.1~esm1 Ubuntu Pro
	23.10 mantic	Ignored end of life, was needs-triage
	22.04 LTS jammy	Fixed 3.6.6-5ubuntu0.1~esm2 Ubuntu Pro
	20.04 LTS focal	Fixed 3.6.4-2.1ubuntu0.1
	18.04 LTS bionic	Fixed 3.6.2-3ubuntu0.1~esm2 Ubuntu Pro
	16.04 LTS xenial	Fixed 3.6.1~20150924-5ubuntu0.1~esm2 Ubuntu Pro

How can I get the fixes?
What do statuses mean?

Get expanded security coverage with Ubuntu Pro

Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.

Get Ubuntu Pro

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-7010-1
DCMTK vulnerabilities
17 September 2024

Other references

https://www.cve.org/CVERecord?id=CVE-2024-34509
https://support.dcmtk.org/redmine/issues/1114
https://github.com/DCMTK/dcmtk/commit/c78e434c0c5f9d932874f0b17a8b4ce305ca01f5