Lucene search
K

1498 matches found

EUVD
EUVD
added 2026/07/01 12:34 a.m.4 views

EUVD-2026-40422

A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative ../ paths and absolute paths...

9.8CVSS5.8AI score0.00435EPSS
Exploits0References4
OSV
OSV
added 2026/06/30 10:16 p.m.4 views

DEBIAN-CVE-2026-50003

A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative ../ paths and absolute paths...

9.3CVSS5.9AI score0.00435EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 9:27 p.m.33 views

CVE-2026-50003 OFFIS DCMTK Toolkit Path Traversal

A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative ../ paths and absolute paths...

9.8CVSS0.00435EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/30 9:27 p.m.6 views

CVE-2026-50003

A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative ../ paths and absolute paths...

9.8CVSS5.9AI score0.00435EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/30 9:14 p.m.35 views

CVE-2026-50254 OFFIS DCMTK Toolkit Missing Release of Memory after Effective Lifetime

An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory. Against storescp in its default single-process mode, memory grows quickly and the service is eventually killed, after which it stops accepting connections until an operator restarts it...

8.7CVSS0.00379EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/30 9:9 p.m.35 views

CVE-2026-35505 OFFIS DCMTK Toolkit Missing Release of Memory after Effective Lifetime

An unauthenticated remote attacker can repeatedly send crafted connection requests to leak memory. In single-process deployments the memory grows until the service is killed and the port stops responding until restart...

8.7CVSS0.00379EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/30 8:54 p.m.34 views

CVE-2026-44628 OFFIS DCMTK Toolkit Type Confusion

An unauthenticated attacker can crash the worklist server with a single crafted query when the server has a valid Called AE Title / storage directory, the expected lockfile, and at least one matching worklist record...

8.7CVSS0.00395EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.14 views

PT-2026-53992

Name of the Vulnerable Software and Affected Versions DCMTK affected versions not specified Description A compromised or malicious server can force a client to write files outside the designated output directory. This occurs when the client uses the bit-preserving C-GET storage mode, allowing the...

9.8CVSS5.8AI score0.00435EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/29 10:3 a.m.7 views

ImageMagick: ImageMagick: Denial of Service via crafted DCM image with invalid dimensions

A flaw was found in ImageMagick. A missing check in the DCM Digital Imaging and Communications in Medicine decoder allows a remote attacker to provide a specially crafted image with invalid dimensions. This can lead to crashes in other operations, resulting in a denial of service DoS for the...

7.5CVSS5.8AI score0.00346EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-22879

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - vtk vtk-dicom vtkDICOMItem::NewDataElement heap-based buffer overflow vulnerability CVE-2026-22879 Note that Nessus relies on the presence of the package as...

8.1CVSS6.1AI score0.0032EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/26 8:4 a.m.9 views

CVE-2026-22879

A flaw was found in vtk-dicom. A heap-based buffer overflow vulnerability exists in the vtkDICOMItem::NewDataElement function. A remote attacker could exploit this vulnerability without requiring user interaction or elevated privileges. Successful exploitation could lead to arbitrary code...

8.1CVSS6.3AI score0.0032EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 10:17 p.m.7 views

CVE-2026-22879

vtk vtk-dicom vtkDICOMItem::NewDataElement heap-based buffer overflow vulnerability...

8.1CVSS0.0032EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 10:17 p.m.4 views

DEBIAN-CVE-2026-22879

vtk vtk-dicom vtkDICOMItem::NewDataElement heap-based buffer overflow vulnerability...

8.1CVSS6AI score0.0032EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 9:52 p.m.10 views

EUVD-2026-36184

ImageMagick: Policy Bypass in DCM decoder could result in image with invalid dimensions...

7.5CVSS5.8AI score0.00346EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/25 9:46 p.m.7 views

CVE-2026-22879

vtk vtk-dicom vtkDICOMItem::NewDataElement heap-based buffer overflow vulnerability...

8.1CVSS6.1AI score0.0032EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/25 9:46 p.m.26 views

CVE-2026-22879

vtk vtk-dicom vtkDICOMItem::NewDataElement heap-based buffer overflow vulnerability...

8.1CVSS0.0032EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 9:46 p.m.17 views

CVE-2026-22879

The CVE concerns the vtk-dicom component, specifically the vtkDICOMItem::NewDataElement function. It is described as a heap-based buffer overflow vulnerability in vtk-dicom. The CVSSv3.1 vector indicates a high-severity issue (C:H, I:H, A:H) with network attack vector, high attack complexity, no ...

8.1CVSS6.1AI score0.0032EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 9:16 p.m.9 views

CVE-2026-56445

The qrscp application's C-STORE handler uses a specific instance from attacker-supplied DICOM datasets directly in os.path.join without sanitization, allowing file writes to arbitrary paths...

9.1CVSS0.00434EPSS
Exploits0References3
CVE
CVE
added 2026/06/25 8:46 p.m.12 views

CVE-2026-56445

The CVE-2026-56445 issue affects the qrscp application’s C-STORE handler. It directly uses an attacker-supplied DICOM dataset instance in os.path.join() without sanitization, enabling writes to arbitrary file paths on the system. This is a path traversal vulnerability in the file-write path, with...

9.1CVSS6AI score0.00434EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/25 8:38 p.m.22 views

CVE-2026-12473 OHIF Viewers DICOM Server-Side request forgery

Two data sources DICOMWebProxy and DICOMJSON shipped in the default configuration fetch an arbitrary URL parameter without validation. A global authentication service in OHIF automatically injects the authenticated user's OIDC Bearer token into the resulting requests, sending it to the...

8.3CVSS0.00232EPSS
Exploits0References2
Rows per page
Query Builder