
group.of.nepali.translators team mailing list archive

[Bug 2081100] Re: Regression: CVE-2021-41687 introduces a segmentation fault on storescu


This bug was fixed in the package dcmtk - 3.6.4-2.1ubuntu0.2

---------------
dcmtk (3.6.4-2.1ubuntu0.2) focal-security; urgency=medium

  [ Matthew Ruffell <matthew.ruffell@xxxxxxxxxxxxx> ]
  * SECURITY REGRESSION: Fix segmentation fault introduced by
    CVE-2021-41687 merging two methods that actually did very
    different things. (LP: #2081100)
    - d/p/CVE-2021-41687-2.patch: Fixed bug introduced in a9697d.

 -- Shishir Subedi <shishir.subedi@xxxxxxxxxxxxx>  Mon, 07 Jul 2025 16:15:34 +0545

** Changed in: dcmtk (Ubuntu Focal)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/2081100

Title:
  Regression: CVE-2021-41687 introduces a segmentation fault on storescu

Status in Ubuntu Pro:
  In Progress
Status in Ubuntu Pro 16.04 series:
  In Progress
Status in Ubuntu Pro 18.04 series:
  In Progress
Status in Ubuntu Pro 20.04 series:
  In Progress
Status in dcmtk package in Ubuntu:
  Confirmed
Status in dcmtk source package in Xenial:
  Won't Fix
Status in dcmtk source package in Bionic:
  Won't Fix
Status in dcmtk source package in Focal:
  Fix Released
Status in dcmtk source package in Jammy:
  Fix Released
Status in dcmtk source package in Noble:
  Fix Released

Bug description:
  [Impact]

  The patch for CVE-2021-41687, below:

  commit a9697dfeb672b0b9412c00c7d36d801e27ec85cb
  Author: Michael Onken <onken@xxxxxxxxxxxxxxxxxxx>
  Date:  Sat Oct 2 00:29:56 2021 +0200
  Subject: Fixed poss. NULL pointer dereference/double free.
  Link: https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb

  takes two very similar functions:

  dcmnet/libsrc/assoc.cc
  static void destroyPresentationContextList(LST_HEAD ** lst)

  dcmnet/libsrc/dulfsm.cc
  void destroyPresentationContextList(LST_HEAD ** l)

  which have suspiciously similar names, suspiciously similar signatures, and
  suspiciously close functionalities, and merges them into a single, new
  implementation:

  dcmnet/libsrc/helpers.cc
  void destroyPresentationContextList(LST_HEAD ** l)

  which is pretty much the one from dcmnet/libsrc/dulfsm.cc.

  The problem is, they do very different things, and introduce a segmentation
  fault any time ASC_destroyAssociationParameters() is called.

  This breaks storescp, and there are no workarounds.

  Affected versions:
  focal 3.6.4-2.1ubuntu0.1
  bionic 3.6.2-3ubuntu0.1~esm2
  xenial 3.6.1~20150924-5ubuntu0.1~esm2

  [Testcase]

  $ sudo apt install dcmtk

  Download a test .dcm image from:
  https://support.dcmtk.org/redmine/projects/dcmtk/wiki/DICOM_images

  Open two terminals. In one, run:
  $ storescp 1437
  Segmentation fault (core dumped)

  and on the other:
  $ dcmsend localhost 1437 rp_test.dcm
  Segmentation fault (core dumped)

  Both processes will segmentation fault after the file has been
  transmitted.

  If you install test packages from the following ppa:

  https://launchpad.net/~mruffell/+archive/ubuntu/sf413845-test

  The segmentation faults will no longer occur.
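  The testcase above, turned into a scripted regression check that can be run before and after installing the fixed package. This is an added script, not part of the bug report; it assumes storescp and dcmsend are on PATH, takes the .dcm file path as its first argument, and uses the bug's own port 1437.

```shell
#!/bin/sh
# Added regression check for LP: #2081100 (not from the bug report itself).
# Assumes dcmtk's storescp and dcmsend are installed; $1 is a test .dcm file.
PORT=1437

# Map a shell exit status to a verdict. A process killed by a signal exits
# with 128+signal, and SIGSEGV is 11, so 139 is a segmentation fault.
classify_status() {
    case "$1" in
        0)   echo ok ;;
        139) echo segfault ;;
        *)   echo "exit=$1" ;;
    esac
}

# Start storescp in the background, push one file at it with dcmsend, then
# report whether either side died with SIGSEGV after the transfer. A healthy
# storescp keeps listening, so it is terminated explicitly at the end.
run_testcase() {
    dcm_file=$1
    storescp "$PORT" &
    scp_pid=$!
    sleep 1                      # give storescp time to bind the port
    send_status=0
    dcmsend localhost "$PORT" "$dcm_file" || send_status=$?
    sleep 1                      # let storescp finish (or crash) after the transfer
    if kill -0 "$scp_pid" 2>/dev/null; then
        kill "$scp_pid"          # still alive after the transfer: no crash
        wait "$scp_pid" 2>/dev/null
        scp_status=0
    else
        scp_status=0
        wait "$scp_pid" || scp_status=$?
    fi
    echo "dcmsend:  $(classify_status "$send_status")"
    echo "storescp: $(classify_status "$scp_status")"
    # Succeed only if neither side segfaulted.
    [ "$send_status" -ne 139 ] && [ "$scp_status" -ne 139 ]
}

if [ -n "$1" ]; then
    run_testcase "$1"
fi
```

  With the affected packages both lines report `segfault`; with the fixed package both report `ok` and the script exits 0.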

  [Where problems can occur]

  We are correcting multiple function calls to point back to the old
  implementation they used before the changes were made. This function
  does have a new name, and there is a risk that some call sites will slip through
  the cracks, as the previous function calls had the same name as another
  function that has an incorrect implementation.

  If a regression were to occur, it would likely cause a segmentation fault and
  crash, leading to a loss of service. Given that dcmtk is for medical imaging,
  reliability is one of the most important things this software needs to deliver.

  [Other info]

  The issue was fixed by:

  commit 32ae3e5137e5a52f61a8dc9186f2539226794217
  Author: Michael Onken <onken@xxxxxxxxxxxxxxxxxxx>
  Date:  Sat Oct 9 22:10:43 2021 +0200
  Subject: Fixed bug introduced in a9697d.
  Link: https://github.com/DCMTK/dcmtk/commit/32ae3e5137e5a52f61a8dc9186f2539226794217

  This patch pretty much restores the implementation from dcmnet/libsrc/assoc.cc
  and gives it a new name:

  dcmnet/libsrc/assoc.cc
  void destroyDULParamPresentationContextList(LST_HEAD ** lst)

  noble has the patch in a point release, jammy has the patch as part of 
  CVE-2021-41687. focal, bionic and xenial need this patch.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-pro/+bug/2081100/+subscriptions