Astra Linux - уязвимость в dcmtk

A vulnerability was detected in OFFIS DCMTK up to version 3.6.9. The issue affects the function DcmByteString::makeDicomByteString in the file dcmdata/libsrc/dcbytstr.cc of the dcmdata component. This manipulation can lead to memory corruption. The attack can be launched remotely. Upgrading to...

Astra Linux - уязвимость в dcmtk

DCMTK through version 3.6.6 does not handle string copying properly. When specific requests are sent to the dcmqrdb program, it queries its database and copies the result, even if the result is null. This can lead to a head-based overflow. An attacker can use this vulnerability to launch a DoS...

Astra Linux - уязвимость в dcmtk

DCMTK’s version 3.6.6 does not handle memory release properly. The memory allocated for storing all file information is stored in a global variable called LST, and this memory is not released properly. Making specific requests to the dcmqrdb program can lead to a memory leak. An attacker can use...

Astra Linux – Vulnerability in dcmtk

A buffer overflow in DCMTK git master v3.6.9+ DEV allows attackers to cause a Denial of Service DoS attack through a malicious DCM file...

OFFIS DCMTK 操作系统命令注入漏洞

OFFIS DCMTK is a collection of libraries and applications developed by the German company OFFIS that implement most DICOM standards. It includes software for checking, processing, and converting DICOM image files, handling offline media, sending and receiving images via network connections, as we...

MGASA-2026-0040 Updated dcmtk packages fix security vulnerabilities

OFFIS DCMTK dcmdata dcbytstr.cc makeDicomByteString memory corruption. CVE-2025-14607 OFFIS DCMTK dcmqrscp dcmqrdbi.cc startMoveRequest null pointer dereference. CVE-2025-14841...

[SECURITY] [DLA 4443-1] dcmtk security update

Debian LTS Advisory DLA-4443-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany January 19, 2026 https://wiki.debian.org/LTS Package : dcmtk Version : 3.6.5-1+deb11u6 CVE ID : CVE-2025-14607 CVE-2025-14841 Debian Bug : 1122926 1123584 Two vulnerabilities have been...

Astra Linux – Vulnerability in dcmtk

A vulnerability was detected in DCMTK up to version 3.6.7. The affected element is the function DcmQueryRetrieveConfig::readPeerList in the file /dcmqrcnf.cc of the component dcmqrscp. This vulnerability results in a null pointer dereference. The attack can be carried out locally. The exploit is...

CVE-2025-14841

A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted element is the function DcmQueryRetrieveIndexDatabaseHandle::startFindRequest/DcmQueryRetrieveIndexDatabaseHandle::startMoveRequest in the library dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. This manipulation causes null...

CVE-2025-14841

A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted element is the function DcmQueryRetrieveIndexDatabaseHandle::startFindRequest/DcmQueryRetrieveIndexDatabaseHandle::startMoveRequest in the library dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. This manipulation causes null...

CVE-2025-14841 OFFIS DCMTK dcmqrscp dcmqrdbi.cc startMoveRequest null pointer dereference

A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted element is the function DcmQueryRetrieveIndexDatabaseHandle::startFindRequest/DcmQueryRetrieveIndexDatabaseHandle::startMoveRequest in the library dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. This manipulation causes null...

Out-of-Bounds

Overview Affected versions of this package are vulnerable to Out-of-Bounds via the makeDicomByteString function in the dcmdata component when processing specially crafted DICOM data. An attacker can cause memory corruption, potentially leading to information disclosure, data integrity compromise,...

[SECURITY] [DLA 4363-1] dcmtk security update

Debian LTS Advisory DLA-4363-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany November 03, 2025 https://wiki.debian.org/LTS Package : dcmtk Version : 3.6.5-1+deb11u5 CVE ID : CVE-2020-36855 CVE-2022-4981 CVE-2025-9732 Debian Bug : 1113993 Several vulnerabilities...

Linux Distros Unpatched Vulnerability : CVE-2022-4981

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was detected in DCMTK up to 3.6.7. The impacted element is the function DcmQueryRetrieveConfig::readPeerList of the file /dcmqrcnf.cc of the...

SUSE CVE-2022-4981

A vulnerability was detected in DCMTK up to 3.6.7. The impacted element is the function DcmQueryRetrieveConfig::readPeerList of the file /dcmqrcnf.cc of the component dcmqrscp. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit is now publ...

EUVD-2025-35181

A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been...

EUVD-2025-35179

A vulnerability was detected in DCMTK up to 3.6.7. The impacted element is the function DcmQueryRetrieveConfig::readPeerList of the file /dcmqrcnf.cc of the component dcmqrscp. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit is now publ...

DEBIAN-CVE-2020-36855

A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been...

CVE-2020-36855

A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been...

CVE-2022-4981

CVE-2022-4981 affects DCMTK up to 3.6.7, with the vulnerable element in the dcmqrscp component: DcmQueryRetrieveConfig::readPeerList (file /dcmqrcnf.cc). The issue causes a null pointer dereference and is exploitable via local access. Public exploit information exists. The recommended fix is upgr...