CVE-2025-2581

NameCVE-2025-2581
DescriptionA vulnerability has been found in xmedcon 0.25.0 and classified as problematic. Affected by this vulnerability is the function malloc of the component DICOM File Handler. The manipulation leads to integer underflow. The attack can be launched remotely. Upgrading to version 0.25.1 is able to address this issue. It is recommended to upgrade the affected component.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-4237-1
Debian Bugs1100986

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
xmedcon (PTS)bullseye0.16.3+dfsg-1+deb11u1vulnerable
bullseye (security)0.16.3+dfsg-1+deb11u2fixed
bookworm0.23.0-gtk3+dfsg-1+deb12u2fixed
forky, sid, trixie0.25.1-gtk3+dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
xmedconsourcebullseye0.16.3+dfsg-1+deb11u2DLA-4237-1
xmedconsourcebookworm0.23.0-gtk3+dfsg-1+deb12u2
xmedconsource(unstable)0.25.1-gtk3+dfsg-11100986

Notes

https://xmedcon.sourceforge.io/Main/New
https://sourceforge.net/p/xmedcon/code/ci/e7a88836fc2277f8ab777f3ef24f917d08415559/
affects only arches where int64_t != size_t (32 bits arches)
Search for package or bug name: Reporting problems