Offis

Dcmtk

24 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.3

CVE-2025-14607

  • EPSS 0.05%
  • Veröffentlicht 13.12.2025 13:02:07
  • Zuletzt bearbeitet 15.12.2025 18:22:13

A vulnerability was detected in OFFIS DCMTK up to 3.6.9. Affected by this issue is the function DcmByteString::makeDicomByteString of the file dcmdata/libsrc/dcbytstr.cc of the component dcmdata. The manipulation results in memory corruption. The att...

5.5

CVE-2022-4981

Exploit
  • EPSS 0.01%
  • Veröffentlicht 21.10.2025 15:15:37
  • Zuletzt bearbeitet 31.10.2025 14:55:59

A vulnerability was detected in DCMTK up to 3.6.7. The impacted element is the function DcmQueryRetrieveConfig::readPeerList of the file /dcmqrcnf.cc of the component dcmqrscp. The manipulation results in null pointer dereference. The attack needs to...

5.5

CVE-2020-36855

Exploit
  • EPSS 0.03%
  • Veröffentlicht 21.10.2025 15:15:36
  • Zuletzt bearbeitet 31.10.2025 15:04:02

A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stack-based buffer overflow. Local access is required t...

7.8

CVE-2025-9732

  • EPSS 0.02%
  • Veröffentlicht 31.08.2025 14:02:06
  • Zuletzt bearbeitet 05.09.2025 20:21:46

A vulnerability was identified in DCMTK up to 3.6.9. This affects an unknown function in the library dcmimage/include/dcmtk/dcmimage/diybrpxt.h of the component dcm2img. Such manipulation leads to memory corruption. Local access is required to approa...

7.5

CVE-2025-2357

  • EPSS 0.29%
  • Veröffentlicht 17.03.2025 01:31:04
  • Zuletzt bearbeitet 03.11.2025 20:18:08

A vulnerability was found in DCMTK 3.6.9. It has been declared as critical. This vulnerability affects unknown code of the component dcmjpls JPEG-LS Decoder. The manipulation leads to memory corruption. The attack can be initiated remotely. The explo...

7.5

CVE-2025-25475

  • EPSS 0.48%
  • Veröffentlicht 18.02.2025 23:15:10
  • Zuletzt bearbeitet 04.11.2025 20:40:26

A NULL pointer dereference in the component /libsrc/dcrleccd.cc of DCMTK v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DICOM file.

6.5

CVE-2025-25474

  • EPSS 0.27%
  • Veröffentlicht 18.02.2025 23:15:10
  • Zuletzt bearbeitet 04.11.2025 20:33:27

DCMTK v3.6.9+ DEV was discovered to contain a buffer overflow via the component /dcmimgle/diinpxt.h.

5.3

CVE-2025-25472

  • EPSS 0.28%
  • Veröffentlicht 18.02.2025 23:15:10
  • Zuletzt bearbeitet 04.11.2025 20:31:41

A buffer overflow in DCMTK git master v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DCM file.

7.8

CVE-2024-52333

Exploit
  • EPSS 0.08%
  • Veröffentlicht 13.01.2025 15:15:09
  • Zuletzt bearbeitet 03.11.2025 21:17:21

An improper array index validation vulnerability exists in the determineMinMax functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerabili...

7.8

CVE-2024-47796

Exploit
  • EPSS 0.08%
  • Veröffentlicht 13.01.2025 15:15:08
  • Zuletzt bearbeitet 03.11.2025 21:16:30

An improper array index validation vulnerability exists in the nowindow functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.