CVE-2025-2357: 
Linux Debian vulnerability analysis and mitigation

A critical vulnerability (CVE-2025-2357) was discovered in DCMTK 3.6.9, specifically affecting the dcmjpls JPEG-LS Decoder component. The vulnerability was discovered on March 3, 2025, and involves memory corruption that can be triggered through remote exploitation. The issue was identified through fuzz testing and has been publicly disclosed (DCMTK Issue, NVD).

The vulnerability stems from insufficient validation of input data in the JPEG-LS decoder component, which can lead to memory corruption when processing invalid input data. The issue has received a CVSS v4.0 score of 5.3 (MEDIUM) with the vector string CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N, and a CVSS v3.1 score of 6.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L (NVD).

The vulnerability can result in memory corruption when processing malformed JPEG-LS data, potentially leading to application crashes and denial of service conditions. The attack can be initiated remotely, and the exploit has been publicly disclosed (NVD).

A patch (commit 3239a7915) has been released to address this vulnerability. It is strongly recommended to apply this patch to affected systems. The fix has been implemented and the issue is marked as resolved in the upcoming version 3.7.0 (DCMTK Issue).