CyberSec.Space Logo
Back to CVE Browser

CVE-2015-8397

HIGH
8.2
CVSS Severity Score
EPSS Score0.1050%
EPSS Percentile20.84th
PublishedJan 12, 2016
Last ModifiedMay 6, 2026

Vulnerability Description

The JPEGLSCodec::DecodeExtent function in MediaStorageAndFileFormat/gdcmJPEGLSCodec.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (application crash) via an embedded JPEG-LS image with dimensions larger than the selected region in a (1) two-dimensional or (2) three-dimensional DICOM image file, which triggers an out-of-bounds read.

Affected Platforms (CPE)

πŸ“¦
Malaterre

Grassroots Dicom

< 2.6.2

References & Advisories

πŸ”— http://census-labs.com/news/2016/01/11/gdcm-out-bounds-read-jpeglscodec-decodeextent/
πŸ”— http://packetstormsecurity.com/files/135206/GDCM-2.6.0-2.6.1-Out-Of-Bounds-Read.html
πŸ”— http://seclists.org/fulldisclosure/2016/Jan/33
πŸ”— http://sourceforge.net/p/gdcm/gdcm/ci/e547b1ded3fd21e0b0ad149f13045aa12d4b9b7c/
πŸ”— http://sourceforge.net/p/gdcm/mailman/message/34670701/
πŸ”— http://sourceforge.net/p/gdcm/mailman/message/34687533/
πŸ”— http://www.securityfocus.com/archive/1/537263/100/0/threaded
πŸ”— http://census-labs.com/news/2016/01/11/gdcm-out-bounds-read-jpeglscodec-decodeextent/

Related Vulnerabilities

CVE-2015-839610.0

Integer overflow in the ImageRegionReader::ReadIntoBuffer function in MediaStorageAndFileFormat/gdcmImageRegionReader.cxx in Grass...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...

CVE-2026-121895.3

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzm...