CVE-2026-3650 describes a denial-of-service condition in the Grassroots DICOM (GDCM) library. When the parser processes malformed DICOM files with non-standard VR types in file meta information, it can trigger very large allocations and fail to release memory properly, allowing a malicious file to consume heap space in a single read. The result is resource depletion and service impact rather than code exe [truncated]
CVE-2025-11266 is a medium-severity memory-safety flaw in Grassroots DICOM (GDCM) that can be triggered by opening a crafted DICOM file. The advisory says malformed encapsulated PixelData fragments can cause an unsigned integer underflow in buffer indexing, leading to an out-of-bounds memory access and segmentation fault. In practical terms, this is a denial-of-service issue for software that parses untru [truncated]
