CVE-2025-14607

EPSS 0.05%
Veröffentlicht 13.12.2025 13:02:07
Zuletzt bearbeitet 15.12.2025 18:22:13
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability was detected in OFFIS DCMTK up to 3.6.9. Affected by this issue is the function DcmByteString::makeDicomByteString of the file dcmdata/libsrc/dcbytstr.cc of the component dcmdata. The manipulation results in memory corruption. The attack can be launched remotely. Upgrading to version 3.7.0 can resolve this issue. The patch is identified as 4c0e5c10079392c594d6a7abd95dd78ac0aa556a. You should upgrade the affected component.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 10

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerOFFIS

≫

Produkt DCMTK

Version 3.6.0

Status affected

Version 3.6.1

Status affected

Version 3.6.2

Status affected

Version 3.6.3

Status affected

Version 3.6.4

Status affected

Version 3.6.5

Status affected

Version 3.6.6

Status affected

Version 3.6.7

Status affected

Version 3.6.8

Status affected

Version 3.6.9

Status affected

Version 3.7.0

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.143

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@vuldb.com	6.3	2.8	3.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cna@vuldb.com	5.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

https://vuldb.com/?id.336283

https://vuldb.com/?ctiid.336283

https://vuldb.com/?submit.705036

https://support.dcmtk.org/redmine/issues/1184

https://support.dcmtk.org/redmine/projects/dcmtk/activity?from=2025-12-02

https://github.com/DCMTK/dcmtk/commit/4c0e5c10079392c594d6a7abd95dd78ac0aa556a

https://support.dcmtk.org/redmine/versions/19

https://nvd.nist.gov/vuln/detail/CVE-2025-14607

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-14607

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-14607

EUVD