Unrated severityNVD Advisory· Published Jun 24, 2022· Updated Nov 3, 2025

OFFIS DCMTK Path Traversal

CVE-2022-2119

Description

OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.

Affected products

Dcmtk/Dcmtkv5
Range: unspecified

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.cisa.gov/uscert/ics/advisories/icsma-22-174-01mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.004
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000