Offis

Dcmtk

26 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2026-5663

  • EPSS 0.39%
  • Veröffentlicht 06.04.2026 14:15:11
  • Zuletzt bearbeitet 27.04.2026 18:43:25

A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnReception/executeOnEndOfStudy of the file dcmnet/apps/storescp.cc of the component storescp. Performing a manipulation results in os command injection....

3.3

CVE-2025-14841

  • EPSS 0.02%
  • Veröffentlicht 18.12.2025 00:02:08
  • Zuletzt bearbeitet 29.04.2026 01:00:01

A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted element is the function DcmQueryRetrieveIndexDatabaseHandle::startFindRequest/DcmQueryRetrieveIndexDatabaseHandle::startMoveRequest in the library dcmqrdb/libsrc/dcmqrdbi.cc of the compon...

6.5

CVE-2025-14607

  • EPSS 0.07%
  • Veröffentlicht 13.12.2025 13:02:07
  • Zuletzt bearbeitet 15.04.2026 00:35:42

A vulnerability was detected in OFFIS DCMTK up to 3.6.9. Affected by this issue is the function DcmByteString::makeDicomByteString of the file dcmdata/libsrc/dcbytstr.cc of the component dcmdata. The manipulation results in memory corruption. The att...

5.5

CVE-2022-4981

Exploit
  • EPSS 0.02%
  • Veröffentlicht 21.10.2025 15:15:37
  • Zuletzt bearbeitet 29.04.2026 01:00:01

A vulnerability was detected in DCMTK up to 3.6.7. The impacted element is the function DcmQueryRetrieveConfig::readPeerList of the file /dcmqrcnf.cc of the component dcmqrscp. The manipulation results in null pointer dereference. The attack needs to...

5.5

CVE-2020-36855

Exploit
  • EPSS 0.04%
  • Veröffentlicht 21.10.2025 15:15:36
  • Zuletzt bearbeitet 29.04.2026 01:00:01

A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stack-based buffer overflow. Local access is required t...

7.8

CVE-2025-9732

  • EPSS 0.03%
  • Veröffentlicht 31.08.2025 14:02:06
  • Zuletzt bearbeitet 05.09.2025 20:21:46

A vulnerability was identified in DCMTK up to 3.6.9. This affects an unknown function in the library dcmimage/include/dcmtk/dcmimage/diybrpxt.h of the component dcm2img. Such manipulation leads to memory corruption. Local access is required to approa...

7.5

CVE-2025-2357

  • EPSS 0.17%
  • Veröffentlicht 17.03.2025 01:31:04
  • Zuletzt bearbeitet 03.11.2025 20:18:08

A vulnerability was found in DCMTK 3.6.9. It has been declared as critical. This vulnerability affects unknown code of the component dcmjpls JPEG-LS Decoder. The manipulation leads to memory corruption. The attack can be initiated remotely. The explo...

7.5

CVE-2025-25475

  • EPSS 0.2%
  • Veröffentlicht 18.02.2025 23:15:10
  • Zuletzt bearbeitet 04.11.2025 20:40:26

A NULL pointer dereference in the component /libsrc/dcrleccd.cc of DCMTK v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DICOM file.

6.5

CVE-2025-25474

  • EPSS 0.21%
  • Veröffentlicht 18.02.2025 23:15:10
  • Zuletzt bearbeitet 04.11.2025 20:33:27

DCMTK v3.6.9+ DEV was discovered to contain a buffer overflow via the component /dcmimgle/diinpxt.h.

5.3

CVE-2025-25472

  • EPSS 0.22%
  • Veröffentlicht 18.02.2025 23:15:10
  • Zuletzt bearbeitet 04.11.2025 20:31:41

A buffer overflow in DCMTK git master v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DCM file.