Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2024-27629HistoryJun 28, 2024 - 7:15 p.m.
CVE-2024-27629
2024-06-2819:15:05
Debian Security Bug Tracker
security-tracker.debian.org
1
dc2niix
local attacker
arbitrary code
file names
system call
compression
unix
An issue in dc2niix before v.1.0.20240202 allows a local attacker to execute arbitrary code via the generated file name is not properly escaped and injected into a system call when certain types of compression are used.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | dcm2niix | <= 1.0.20220720-1 | dcm2niix_1.0.20220720-1_all.deb |
| Debian | 11 | all | dcm2niix | <= 1.0.20201102-1 | dcm2niix_1.0.20201102-1_all.deb |
| Debian | 999 | all | dcm2niix | <= 1.0.20220720-1 | dcm2niix_1.0.20220720-1_all.deb |
| Debian | 13 | all | dcm2niix | <= 1.0.20220720-1 | dcm2niix_1.0.20220720-1_all.deb |
Related
ubuntucve
ubuntucve
CVE-2024-27629
2024-07-01 00:00:00
cvelist
cvelist
CVE-2024-27629
2024-06-28 00:00:00
nvd
nvd
CVE-2024-27629
2024-06-28 19:15:05
cve
cve
CVE-2024-27629
2024-06-28 19:15:05