27 matches found
Updated dcmtk packages fix security vulnerabilities
A vulnerability was identified in DCMTK up to 3.6.9. It affects an unknown function in the library dcmimage/include/dcmtk/dcmimage/diybrpxt.h of the component dcm2img. Manipulation leads to memory corruption. Local access is required to carry out this attack. The name of the patch is...
CVE-2022-4981
A vulnerability was detected in DCMTK up to 3.6.7. The impacted element is the function DcmQueryRetrieveConfig::readPeerList of the file /dcmqrcnf.cc of the component dcmqrscp. The manipulation results in a null pointer dereference. The attack must be carried out locally. The exploit is now publ...
EUVD-2021-28700
Malicious code in bioql PyPI...
EUVD-2021-28701
Malicious code in bioql PyPI...
EUVD-2025-4573
Malicious code in bioql PyPI...
EUVD-2021-28699
Malicious code in bioql PyPI...
CVE-2025-2357
A vulnerability was found in DCMTK 3.6.9. It has been declared as critical. This vulnerability affects unknown code of the component dcmjpls JPEG-LS Decoder. The manipulation leads to memory corruption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be...
CVE-2025-2357
DCMTK 3.6.9 contains a memory-corruption vulnerability in the dcmjpls JPEG-LS Decoder. The issue can be exploited remotely, and exploitation information has been reported publicly. A patch named 3239a7915 is referenced as the fix for this issue; applying the patch is the advised remediation. The CVE descri...
CVE-2025-2357 DCMTK dcmjpls JPEG-LS Decoder memory corruption
A vulnerability was found in DCMTK 3.6.9. It has been declared as critical. This vulnerability affects unknown code of the component dcmjpls JPEG-LS Decoder. The manipulation leads to memory corruption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be...
CVE-2025-25472
A buffer overflow in DCMTK git master v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DCM file...
CVE-2025-25475
A NULL pointer dereference in the component /libsrc/dcrleccd.cc of DCMTK v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DICOM file...
CVE-2025-25475
CVE-2025-25475 affects DCMTK v3.6.9+ DEV and is caused by a NULL pointer dereference in /libsrc/dcrleccd.cc, enabling a crafted DICOM file to trigger a Denial of Service. Connected advisories confirm this issue and note fixes in various Linux distros (e.g., Debian DLA-4227, openSUSE SUSE advisory...
CVE-2025-25474
DCMTK v3.6.9+ DEV contains a buffer overflow in the dcmimgle/diinpxt.h component (CVE-2025-25474). Multiple connected advisories confirm the issue and note fixes/updates exist (e.g., Debian, openSUSE, Mageia, TencentOS/SUSE advisories). Remediation is to upgrade to patched DCMTK versions as provi...
CVE-2025-25474
DCMTK v3.6.9+ DEV was discovered to contain a buffer overflow via the component /dcmimgle/diinpxt.h...
PT-2025-7097 · Dcmtk +2
Name of the Vulnerable Software and Affected Versions: DCMTK versions 3.6.9 and later. Description: A NULL pointer dereference in the component /libsrc/dcrleccd.cc allows attackers to cause a Denial of Service (DoS) via a crafted DICOM file. Recommendations: For DCMTK versions 3.6.9 and later, as a...
CVE-2024-52333
An improper array index validation vulnerability exists in the determineMinMax functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability...
PT-2025-2776
Name of the Vulnerable Software and Affected Versions: OFFIS DCMTK version 3.6.8 Description: An improper array index validation vulnerability exists in the nowindow functionality of OFFIS DCMTK. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a maliciou...