7 matches found

CVE, added 2022/06/24 3:0 p.m., 97 views

CVE-2022-2120

OFFIS DCMTK: all versions prior to 3.6.7 are vulnerable. The service class user (SCU) allows relative path traversal, enabling writing DICOM files to arbitrary directories and potentially remote code execution. Multiple advisories (Debian DLA-4227, openSUSE/SUSE advisories, Ubuntu USN-5882-...

CVSS 9.8, AI score 8.8, EPSS 0.02822

CVE, added 2022/06/24 3:0 p.m., 90 views

CVE-2022-2119

CVE-2022-2119 affects OFFIS DCMTK prior to 3.6.7, specifically the SCP service class. The vulnerability is a path traversal flaw that lets an attacker write DICOM files to arbitrary directories with controlled names, potentially enabling remote code execution. Public notices from Debian and openS...

CVSS 9.8, AI score 8.8, EPSS 0.02822

CVE, added 2022/06/24 3:0 p.m., 88 views

CVE-2022-2121

CVE-2022-2121 affects OFFIS DCMTK: all versions before 3.6.7 are vulnerable to a NULL pointer dereference when processing DICOM files, which may lead to denial of service. Remediation is to upgrade to DCMTK 3.6.7 or newer; multiple advisories (Debian, Mageia, openSUSE, Astra Linux) note DCMTK upd...

CVSS 7.5, AI score 6.7, EPSS 0.00711

CVE, added 2024/05/05 12:0 a.m., 81 views

CVE-2024-34509

The dcmdata component of DCMTK before 3.6.9 is affected by a segmentation fault triggered by an invalid DIMSE message (CVE-2024-34509). Public advisories confirm the issue and group it with related DCMTK DIMSE fault CVEs. The fixed version is DCMTK 3.6.9; remediation is to upgrade to or apply p...

CVSS 5.3, AI score 6.8, EPSS 0.00748

CVE, added 2024/05/05 12:0 a.m., 72 views

CVE-2024-34508

DCMTK component dcmnet is affected by a segmentation fault caused by an invalid DIMSE message in versions before 3.6.9. The CVE-2024-34508 entry documents this issue with a network-facing DIMSE processing fault that can lead to a crash. The connected advisories consistently indicate remediation b...

CVSS 4.3, AI score 6.8, EPSS 0.00687

CVE, added 2025/10/21 3:2 p.m., 15 views

CVE-2020-36855

CVE-2020-36855 affects DCMTK up to 3.6.5, specifically the dcmqrscp component and its parseQuota function. The issue is a stack-based buffer overflow caused by manipulated StorageQuota, requiring local access. The vulnerability has public exploits and is fixed by upgrading to DCMTK 3.6.6 (patch i...

CVSS 5.5, AI score 6.8, EPSS 0.00222

CVE, added 2025/10/21 3:2 p.m., 11 views

CVE-2022-4981

CVE-2022-4981 affects DCMTK up to 3.6.7, with the vulnerable element in the dcmqrscp component: DcmQueryRetrieveConfig::readPeerList (file /dcmqrcnf.cc). The issue causes a null pointer dereference and is exploitable via local access. Public exploit information exists. The recommended fix is upgr...

CVSS 5.5, AI score 6.4, EPSS 0.00255