CVE-2026-12805

A flaw was found in OFFIS DCMTK. A remote attacker could exploit this vulnerability by manipulating input to the XMLNode::parseFile function. This can lead to a heap-based buffer overflow, a type of memory corruption, which may result in information disclosure or denial of service. Mitigation Use...

Linux Distros Unpatched Vulnerability : CVE-2026-12805

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw has been found in OFFIS DCMTK up to 3.7.0. The affected element is the function XMLNode::parseFile in the library ofstd/libsrc/ofxml.cc. Executing a...

CVE-2026-12805

The vulnerability CVE-2026-12805 affects OFFIS DCMTK up to 3.7.0, specifically the XMLNode::parseFile function in ofstd/libsrc/ofxml.cc. A heap-based buffer overflow can be triggered remotely via manipulation. An exploit has been published and may be used. The patch is tracked by commit 1d4b3815c...

Linux Distros Unpatched Vulnerability : CVE-2026-10194

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A weakness has been identified in OFFIS DCMTK 3.7.0. This affects the function DcmQueryRetrieveIndexDatabaseHandle::deleteOldestImages of the file...

UBUNTU-CVE-2026-10194

A weakness has been identified in OFFIS DCMTK 3.7.0. This affects the function DcmQueryRetrieveIndexDatabaseHandle::deleteOldestImages of the file dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. Executing a manipulation can lead to heap-based buffer overflow. The attack may be launched...

CVE-2026-10194

A weakness has been identified in OFFIS DCMTK 3.7.0. This affects the function DcmQueryRetrieveIndexDatabaseHandle::deleteOldestImages of the file dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. Executing a manipulation can lead to heap-based buffer overflow. The attack may be launched...

CVE-2026-10194 OFFIS DCMTK dcmqrscp dcmqrdbi.cc deleteOldestImages heap-based overflow

A weakness has been identified in OFFIS DCMTK 3.7.0. This affects the function DcmQueryRetrieveIndexDatabaseHandle::deleteOldestImages of the file dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. Executing a manipulation can lead to heap-based buffer overflow. The attack may be launched...

UBUNTU-CVE-2026-5663

A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnReception/executeOnEndOfStudy of the file dcmnet/apps/storescp.cc of the component storescp. Performing a manipulation results in os command injection. Remote exploitation of the attack is possible...

CVE-2026-5663 OFFIS DCMTK storescp storescp.cc executeOnEndOfStudy os command injection

A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnReception/executeOnEndOfStudy of the file dcmnet/apps/storescp.cc of the component storescp. Performing a manipulation results in os command injection. Remote exploitation of the attack is possible...

CVE-2026-5663

OFFIS DCMTK up to 3.7.0 contains a vulnerability in the storescp component (dcmnet/apps/storescp.cc: executeOnReception/executeOnEndOfStudy) that allows os command injection through manipulation. Remote exploitation is possible. A patch (edbb085e45788dccaf0e64d71534cfca925784b8) is available and ...

PT-2026-30606

Name of the Vulnerable Software and Affected Versions OFFIS DCMTK versions up to 3.7.0 Description A security flaw exists in OFFIS DCMTK up to version 3.7.0. The issue affects the executeOnReception/executeOnEndOfStudy function within the dcmnet/apps/storescp.cc file of the storescp component...

Linux Distros Unpatched Vulnerability : CVE-2026-5663

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnReception/executeOnEndOfStudy of the file...

CVE-2025-14841

A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted element is the function DcmQueryRetrieveIndexDatabaseHandle::startFindRequest/DcmQueryRetrieveIndexDatabaseHandle::startMoveRequest in the library dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. This manipulation causes null...

DEBIAN-CVE-2025-14841

A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted element is the function DcmQueryRetrieveIndexDatabaseHandle::startFindRequest/DcmQueryRetrieveIndexDatabaseHandle::startMoveRequest in the library dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. This manipulation causes null...

CVE-2025-14841

OFFIS DCMTK

PT-2025-51987

Name of the Vulnerable Software and Affected Versions OFFIS DCMTK versions up to 3.6.9 Description A flaw exists in the DCMTK library, specifically within the DcmQueryRetrieveIndexDatabaseHandle::startFindRequest and DcmQueryRetrieveIndexDatabaseHandle::startMoveRequest functions located in the...

CVE-2025-14607

A flaw was found in OFFIS DCMTK Digital Imaging and Communications in Medicine Toolkit. This vulnerability allows memory corruption via a remote attack. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteri...

Linux Distros Unpatched Vulnerability : CVE-2025-14607

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was detected in OFFIS DCMTK up to 3.6.9. Affected by this issue is the function DcmByteString::makeDicomByteString of the file...

CVE-2025-14607

OFFIS DCMTK vulnerability CVE-2025-14607 affects DCMTK up to 3.6.9, specifically the DcmByteString::makeDicomByteString function in dcmdata. This memory corruption can be triggered remotely via crafted DICOM datasets. Affected versions are DCMTK 3.6.x up to 3.6.9; remediation is to upgrade to DCM...

CVE-2025-14607 OFFIS DCMTK dcmdata dcbytstr.cc makeDicomByteString memory corruption

A vulnerability was detected in OFFIS DCMTK up to 3.6.9. Affected by this issue is the function DcmByteString::makeDicomByteString of the file dcmdata/libsrc/dcbytstr.cc of the component dcmdata. The manipulation results in memory corruption. The attack can be launched remotely. Upgrading to...