CVEブラウザに戻る

CVE-2015-8397

HIGH

8.2

CVSS Severity Score

EPSS Score0.1050%

EPSS Percentile20.84th

Published2016年1月12日

Last Modified2026年5月6日

Vulnerability Description

The JPEGLSCodec::DecodeExtent function in MediaStorageAndFileFormat/gdcmJPEGLSCodec.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (application crash) via an embedded JPEG-LS image with dimensions larger than the selected region in a (1) two-dimensional or (2) three-dimensional DICOM image file, which triggers an out-of-bounds read.

Affected Platforms (CPE)

📦

Malaterre

Grassroots Dicom

< 2.6.2

References & Advisories

🔗 http://census-labs.com/news/2016/01/11/gdcm-out-bounds-read-jpeglscodec-decodeextent/

🔗 http://packetstormsecurity.com/files/135206/GDCM-2.6.0-2.6.1-Out-Of-Bounds-Read.html

🔗 http://seclists.org/fulldisclosure/2016/Jan/33

🔗 http://sourceforge.net/p/gdcm/gdcm/ci/e547b1ded3fd21e0b0ad149f13045aa12d4b9b7c/

🔗 http://sourceforge.net/p/gdcm/mailman/message/34670701/

🔗 http://sourceforge.net/p/gdcm/mailman/message/34687533/

🔗 http://www.securityfocus.com/archive/1/537263/100/0/threaded

🔗 http://census-labs.com/news/2016/01/11/gdcm-out-bounds-read-jpeglscodec-decodeextent/

関連する脆弱性情報

CVE-2015-839610.0

Integer overflow in the ImageRegionReader::ReadIntoBuffer function in MediaStorageAndFileFormat/gdcmImageRegionReader.cxx in Grass...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...

CVE-2026-121895.3

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzm...