134 matches found
EUVD-2026-40422
A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative ../ paths and absolute paths...
CVE-2026-50003 OFFIS DCMTK Toolkit Path Traversal
A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative ../ paths and absolute paths...
CVE-2026-50254 OFFIS DCMTK Toolkit Missing Release of Memory after Effective Lifetime
An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory. Against storescp in its default single-process mode, memory grows quickly and the service is eventually killed, after which it stops accepting connections until an operator restarts it...
CVE-2026-35505 OFFIS DCMTK Toolkit Missing Release of Memory after Effective Lifetime
An unauthenticated remote attacker can repeatedly send crafted connection requests to leak memory. In single-process deployments the memory grows until the service is killed and the port stops responding until restart...
CVE-2026-44628 OFFIS DCMTK Toolkit Type Confusion
An unauthenticated attacker can crash the worklist server with a single crafted query when the server has a valid Called AE Title / storage directory, the expected lockfile, and at least one matching worklist record...
PT-2026-53992
Name of the Vulnerable Software and Affected Versions DCMTK affected versions not specified Description A compromised or malicious server can force a client to write files outside the designated output directory. This occurs when the client uses the bit-preserving C-GET storage mode, allowing the...
Astra Linux – Vulnerability in dcmtk
A vulnerability was detected in OFFIS DCMTK up to version 3.6.9. The issue affects the function DcmByteString::makeDicomByteString in the file dcmdata/libsrc/dcbytstr.cc of the dcmdata component. This manipulation can lead to memory corruption. The attack can be launched remotely. Upgrading to...
Astra Linux – Vulnerability in dcmtk
A vulnerability was identified in DCMTK up to version 3.6.9. This affects an unknown function in the library dcmimage/include/dcmtk/dcmimage/diybrpxt.h of the component dcm2img. Such manipulation leads to memory corruption. Local access is required to exploit this attack. The name of the patch is...
CVE-2026-12805
A flaw has been found in OFFIS DCMTK up to 3.7.0. The affected element is the function XMLNode::parseFile in the library ofstd/libsrc/ofxml.cc. Executing a manipulation can lead to heap-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used...
DEBIAN-CVE-2026-12805
A flaw has been found in OFFIS DCMTK up to 3.7.0. The affected element is the function XMLNode::parseFile in the library ofstd/libsrc/ofxml.cc. Executing a manipulation can lead to heap-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used...
UBUNTU-CVE-2026-12805
A flaw has been found in OFFIS DCMTK up to 3.7.0. The affected element is the function XMLNode::parseFile in the library ofstd/libsrc/ofxml.cc. Executing a manipulation can lead to heap-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used...
CVE-2026-12805 OFFIS DCMTK ofxml.cc parseFile heap-based overflow
A flaw has been found in OFFIS DCMTK up to 3.7.0. The affected element is the function XMLNode::parseFile in the library ofstd/libsrc/ofxml.cc. Executing a manipulation can lead to heap-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used...
CVE-2026-12805 OFFIS DCMTK ofxml.cc parseFile heap-based overflow
A flaw has been found in OFFIS DCMTK up to 3.7.0. The affected element is the function XMLNode::parseFile in the library ofstd/libsrc/ofxml.cc. Executing a manipulation can lead to heap-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used...
EUVD-2026-38191
A flaw has been found in OFFIS DCMTK up to 3.7.0. The affected element is the function XMLNode::parseFile in the library ofstd/libsrc/ofxml.cc. Executing a manipulation can lead to heap-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used...
Astra Linux – Vulnerability in dcmtk
DCMTK through version 3.6.6 does not handle memory deallocation properly. The malloc function allocates heap memory for data parsing, but does not deallocate that memory when there are errors in parsing. Sending specific requests to the dcmqrdb program leads to memory leaks. An attacker can use...
Astra Linux – Vulnerability in dcmtk
DCMTK through version 3.6.6 does not handle string copying properly. When specific requests are sent to the dcmqrdb program, it queries its database and copies the result, even if the result is null. This can lead to a head-based overflow. An attacker can use this vulnerability to launch a DoS...
Astra Linux – Vulnerability in dcmtk
The service class provider SCP of OFFIS DCMTK all versions prior to 3.6.7 is vulnerable to path traversal attacks, allowing attackers to write DICOM files into arbitrary directories under controlled names. This could enable remote code execution...
Astra Linux – Vulnerability in dcmtk
A security vulnerability has been detected in DCMTK up to version 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. Manipulating the argument StorageQuota leads to a stack-based buffer overflow. Access to local resources is required to exploit this vulnerability. T...
DEBIAN-CVE-2026-10528
A security flaw has been discovered in Orthanc DICOM Server up to 1.12.11. This issue affects the function DcmItem::read of the file OrthancFramework/Sources/DicomParsing/FromDcmtkBridge.cpp of the component DCMTK Parser. Performing a manipulation results in stack-based buffer overflow. Attacking...
CVE-2026-10194
CVE-2026-10194 affects OFFIS DCMTK 3.7.0, specifically the function DcmQueryRetrieveIndexDatabaseHandle::deleteOldestImages in dcmqrdb/libsrc/dcmqrdbi.cc of the dcmqrscp component. The issue is a heap-based buffer overflow that can be triggered by manipulation and may be exploitable remotely. A p...