DCMTK through 3.6.6 does not handle memory free properly. The malloced memory for storing all file information are recorded in a global variable LST and are not freed properly. Sending specific requests to the dcmqrdb program can incur a memory leak. An attacker can use it to launch a DoS attack.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | dcmtk | < 3.6.7-1 | dcmtk_3.6.7-1_all.deb |
Debian | 11 | all | dcmtk | <= 3.6.5-1 | dcmtk_3.6.5-1_all.deb |
Debian | 10 | all | dcmtk | <= 3.6.4-2.1 | dcmtk_3.6.4-2.1_all.deb |
Debian | 999 | all | dcmtk | < 3.6.7-1 | dcmtk_3.6.7-1_all.deb |
Debian | 13 | all | dcmtk | < 3.6.7-1 | dcmtk_3.6.7-1_all.deb |