CVE-2015-8979 Debian CVE debrief

Who should care

Organizations running DICOM storage services based on dcmtk storescp, especially deployments that expose TCP port 4242 to untrusted networks. Debian users should also check packaged dcmtk versions and any downstream security advisories.

Technical summary

The vulnerability is a stack-based buffer overflow in parsePresentationContext within storescp. The NVD record classifies it as CWE-119 and maps it to dcmtk versions 3.6.0 and earlier, with a vulnerable CPE also present for Debian Linux 8.0. The attack surface is network-based and the reported impact is denial of service via process crash.

Defensive priority

High. The issue is easy to reach remotely and can interrupt a medical imaging workflow or any other DICOM storage service using the affected component. The published CVSS vector is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Recommended defensive actions

• Identify whether any systems run dcmtk storescp or a DICOM service built from dcmtk 3.6.0 or earlier.
• Apply the vendor or downstream package update referenced in the advisory and mailing-list references, then verify the installed package version.
• Restrict network access to TCP port 4242 to trusted hosts and segments until affected systems are remediated.
• Monitor for repeated crashes or segmentation faults in DICOM storage daemons and review service logs for suspicious long input handling.

Evidence notes

This debrief is based on the NVD CVE record and the references listed there. The supplied description states that parsePresentationContext in storescp can overflow a stack buffer when given a long string over TCP port 4242, causing a segmentation fault. The NVD metadata also lists CWE-119, CVSS 3.0 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, dcmtk 3.6.0 and earlier as vulnerable, and a Debian Linux 8.0 CPE mapping.

Official resources