CVE-2022-2119

2022-06-2415:15:00

Debian Security Bug Tracker

security-tracker.debian.org

0.003 Low

EPSS

Percentile

68.0%

JSON

OFFIS DCMTK’s (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.

OSVersionArchitecturePackageVersionFilename
Debian12alldcmtk< 3.6.7-6dcmtk_3.6.7-6_all.deb
Debian11alldcmtk<= 3.6.5-1dcmtk_3.6.5-1_all.deb
Debian10alldcmtk<= 3.6.4-2.1dcmtk_3.6.4-2.1_all.deb
Debian999alldcmtk< 3.6.7-6dcmtk_3.6.7-6_all.deb
Debian13alldcmtk< 3.6.7-6dcmtk_3.6.7-6_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	dcmtk	< 3.6.7-6	dcmtk_3.6.7-6_all.deb
Debian	11	all	dcmtk	<= 3.6.5-1	dcmtk_3.6.5-1_all.deb
Debian	10	all	dcmtk	<= 3.6.4-2.1	dcmtk_3.6.4-2.1_all.deb
Debian	999	all	dcmtk	< 3.6.7-6	dcmtk_3.6.7-6_all.deb
Debian	13	all	dcmtk	< 3.6.7-6	dcmtk_3.6.7-6_all.deb

0.003 Low

EPSS

Percentile

68.0%

JSON

Related for DEBIANCVE:CVE-2022-2119