Offis

Dcmtk

33 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.44%
  • Veröffentlicht 30.06.2026 21:27:42
  • Zuletzt bearbeitet 01.07.2026 18:17:31

A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative (../) paths and absolute paths.

  • EPSS 0.38%
  • Veröffentlicht 30.06.2026 21:14:01
  • Zuletzt bearbeitet 01.07.2026 18:17:31

An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory. Against storescp in its default single-process mode, memory grows quickly and the service is eventually killed, after which it stops accepting ...

  • EPSS 0.38%
  • Veröffentlicht 30.06.2026 21:09:46
  • Zuletzt bearbeitet 01.07.2026 18:17:31

An unauthenticated remote attacker can repeatedly send crafted connection requests to leak memory. In single-process deployments the memory grows until the service is killed and the port stops responding until restart.

  • EPSS 0.37%
  • Veröffentlicht 30.06.2026 21:06:36
  • Zuletzt bearbeitet 01.07.2026 18:17:31

An unauthenticated attacker can read worklist records from a directory outside the intended per-AE worklist storage area. In a multi-area deployment, this can cross departmental or clinic data separation.

  • EPSS 0.4%
  • Veröffentlicht 30.06.2026 20:54:35
  • Zuletzt bearbeitet 01.07.2026 18:17:31

An unauthenticated attacker can crash the worklist server with a single crafted query when the server has a valid Called AE Title / storage directory, the expected lockfile, and at least one matching worklist record.

Exploit
  • EPSS 0.28%
  • Veröffentlicht 21.06.2026 19:15:07
  • Zuletzt bearbeitet 23.06.2026 14:17:22

A flaw has been found in OFFIS DCMTK up to 3.7.0. The affected element is the function XMLNode::parseFile in the library ofstd/libsrc/ofxml.cc. Executing a manipulation can lead to heap-based buffer overflow. The attack may be performed from remote. ...

  • EPSS 0.25%
  • Veröffentlicht 31.05.2026 16:30:08
  • Zuletzt bearbeitet 01.06.2026 15:15:37

A weakness has been identified in OFFIS DCMTK 3.7.0. This affects the function DcmQueryRetrieveIndexDatabaseHandle::deleteOldestImages of the file dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. Executing a manipulation can lead to heap-based b...

  • EPSS 1.72%
  • Veröffentlicht 06.04.2026 14:15:11
  • Zuletzt bearbeitet 27.04.2026 18:43:25

A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnReception/executeOnEndOfStudy of the file dcmnet/apps/storescp.cc of the component storescp. Performing a manipulation results in os command injection....

  • EPSS 0.11%
  • Veröffentlicht 18.12.2025 00:02:08
  • Zuletzt bearbeitet 29.04.2026 01:00:01

A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted element is the function DcmQueryRetrieveIndexDatabaseHandle::startFindRequest/DcmQueryRetrieveIndexDatabaseHandle::startMoveRequest in the library dcmqrdb/libsrc/dcmqrdbi.cc of the compon...

  • EPSS 0.23%
  • Veröffentlicht 13.12.2025 13:02:07
  • Zuletzt bearbeitet 15.04.2026 00:35:42

A vulnerability was detected in OFFIS DCMTK up to 3.6.9. Affected by this issue is the function DcmByteString::makeDicomByteString of the file dcmdata/libsrc/dcbytstr.cc of the component dcmdata. The manipulation results in memory corruption. The att...