Astra Linux - уязвимость в dcmtk

It was discovered that DCMTK v3.6.7 contains a memory leak through the TASCAssociation object...

Astra Linux - уязвимость в dcmtk

There is an incorrect type conversion vulnerability in the DVPSSoftcopyVOIPList::createFromImage function of OFFIS DCMTK 3.6.8. A specially crafted, malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to exploit this vulnerability...

Astra Linux - уязвимость в dcmtk

DCMTK through 3.6.6 does not handle memory free properly. The object in the program is free but its address is still used in other locations. Sending specific requests to the dcmqrdb program will incur a double free. An attacker can use it to launch a DoS attack...

CVE-2020-36855

A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been...

EUVD-2025-27190

Malicious code in bioql PyPI...

PYSEC-2025-141

MONAI Medical Open Network for AI is an AI toolkit for health care imaging. In versions up to and including 1.5.0, in modeldict = torch.loadfullpath, maplocation=torch.devicedevice, weightsonly=True in monai/bundle/scripts.py , weightsonly=True is loaded securely. However, insecure loading method...

MONAI 路径遍历漏洞

MONAI is a medical imaging AI toolkit open-sourced by Project MONAI. A path traversal vulnerability exists in MONAI 1.5.0 and earlier versions, which stems from improper handling of the extractall function and can lead to system file overwrites...

CVE-2025-58757 MONAI's unsafe use of Pickle deserialization may lead to RCE

MONAI Medical Open Network for AI is an AI toolkit for health care imaging. In versions up to and including 1.5.0, the pickleoperations function in monai/data/utils.py automatically handles dictionary key-value pairs ending with a specific suffix and deserializes them using pickle.loads . This...

CVE-2025-58756 MONAI's unsafe torch usage may lead to arbitrary code execution

MONAI Medical Open Network for AI is an AI toolkit for health care imaging. In versions up to and including 1.5.0, in modeldict = torch.loadfullpath, maplocation=torch.devicedevice, weightsonly=True in monai/bundle/scripts.py , weightsonly=True is loaded securely. However, insecure loading method...

DEBIAN-CVE-2025-25472

A buffer overflow in DCMTK git master v3.6.9+ DEV allows attackers to cause a Denial of Service DoS via a crafted DCM file...

DCMTK Security Vulnerabilities

DCMTK is a collection of libraries and applications that implement most of the DICOM standards from the DCMTK open source. Software for inspecting, building and converting DICOM image files, processing offline media, sending and receiving images over a network connection, and demonstrating image...

Merative Merge DICOM Toolkit 安全漏洞

The Merative Merge DICOM Toolkit is a comprehensive API from Merative that complies with the latest DICOM standards. A security vulnerability exists in Merative Merge DICOM Toolkit C/C++ versions v5.6.0 through v.5.17.0, which stems from a memory access conflict that can be caused when reading an...

SUSE CVE-2024-28130

An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOIPList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

Vulnerability Spotlight: Multiple vulnerabilities in Accusoft ImageGear

Emmanuel Tacheau of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in Accusoft ImageGear. The ImageGear library is a document-imaging developer toolkit that allows users to create, edit, annotate and convert various...

DCMTK Heap Buffer Overflow Vulnerability

Offis DCMTK is a toolkit from Offis Germany that implements the DICOM Digital Imaging and Communications in Medicine protocol. It contains all the source code, support libraries, and help files, eliminating the need to write the various program modules associated with DICOM-format images. A heap...

Remote code execution

The GdPicture 1 Light Imaging Toolkit 4.7.1 GdPicture4S.Imaging ActiveX control gdpicture4s.ocx 4.7.0.1 and 2 Pro Imaging SDK 5.7.1 GdPicturePro5S.Imaging ActiveX control gdpicturepro5s.ocx 5.7.0.1 allows remote attackers to create, overwrite, and modify arbitrary files via the SaveAsPDF method...

CVE-2008-4453

The CVE-2008-4453 issue affects GdPicture Pro Imaging SDK 5.7.1 (GdPicturePro5S.Imaging) and GdPicture Light Imaging Toolkit 4.7.1 (GdPicture4S.Imaging) ActiveX controls (gdpicture4s.ocx, gdpicturepro5s.ocx). The SaveAsPDF method fails to validate input to the sFilePath parameter, enabling remote...