CVE-2025-14607

EPSS 0.07%
Veröffentlicht 13.12.2025 13:02:07
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

OFFIS DCMTK dcmdata dcbytstr.cc makeDicomByteString memory corruption

A vulnerability was detected in OFFIS DCMTK up to 3.6.9. Affected by this issue is the function DcmByteString::makeDicomByteString of the file dcmdata/libsrc/dcbytstr.cc of the component dcmdata. The manipulation results in memory corruption. The attack can be launched remotely. Upgrading to version 3.7.0 can resolve this issue. The patch is identified as 4c0e5c10079392c594d6a7abd95dd78ac0aa556a. You should upgrade the affected component.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 10

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerOFFIS

≫

Produkt DCMTK

Version 3.6.0

Status affected

Version 3.6.1

Status affected

Version 3.6.2

Status affected

Version 3.6.3

Status affected

Version 3.6.4

Status affected

Version 3.6.5

Status affected

Version 3.6.6

Status affected

Version 3.6.7

Status affected

Version 3.6.8

Status affected

Version 3.6.9

Status affected

Version 3.7.0

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.209

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@vuldb.com	5.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	6.3	2.8	3.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cna@vuldb.com	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

https://vuldb.com/?id.336283

https://vuldb.com/?ctiid.336283

https://vuldb.com/?submit.705036

https://support.dcmtk.org/redmine/issues/1184

https://support.dcmtk.org/redmine/projects/dcmtk/activity?from=2025-12-02

https://github.com/DCMTK/dcmtk/commit/4c0e5c10079392c594d6a7abd95dd78ac0aa556a

https://support.dcmtk.org/redmine/versions/19

https://nvd.nist.gov/vuln/detail/CVE-2025-14607

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-14607

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-14607

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-14607