rpm package
opensuse/dcmtk&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/dcmtk&distro=openSUSE%20Tumbleweed
Vulnerabilities (12)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-5663 | High | 7.3 |  | < 3.7.0-2.1 | 3.7.0-2.1 | Apr 6, 2026 | A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnReception/executeOnEndOfStudy of the file dcmnet/apps/storescp.cc of the component storescp. Performing a manipulation results in os command injection. Remote exploitation of the at |
| CVE-2025-14841 | Low | 3.3 |  | < 3.7.0-1.1 | 3.7.0-1.1 | Dec 18, 2025 | A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted element is the function DcmQueryRetrieveIndexDatabaseHandle::startFindRequest/DcmQueryRetrieveIndexDatabaseHandle::startMoveRequest in the library dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. This manipulatio |
| CVE-2025-14607 | Medium | 6.3 |  | < 3.7.0-1.1 | 3.7.0-1.1 | Dec 13, 2025 | A vulnerability was detected in OFFIS DCMTK up to 3.6.9. Affected by this issue is the function DcmByteString::makeDicomByteString of the file dcmdata/libsrc/dcbytstr.cc of the component dcmdata. The manipulation results in memory corruption. The attack can be launched remotely. |
| CVE-2025-9732 | — |  |  | < 3.6.9-4.1 | 3.6.9-4.1 | Aug 31, 2025 | A vulnerability was identified in DCMTK up to 3.6.9. This affects an unknown function in the library dcmimage/include/dcmtk/dcmimage/diybrpxt.h of the component dcm2img. Such manipulation leads to memory corruption. Local access is required to approach this attack. The name of th |
| CVE-2025-2357 | — |  |  | < 3.6.9-3.1 | 3.6.9-3.1 | Mar 17, 2025 | A vulnerability was found in DCMTK 3.6.9. It has been declared as critical. This vulnerability affects unknown code of the component dcmjpls JPEG-LS Decoder. The manipulation leads to memory corruption. The attack can be initiated remotely. The exploit has been disclosed to the p |
| CVE-2025-25475 | — |  |  | < 3.6.9-2.1 | 3.6.9-2.1 | Feb 18, 2025 | A NULL pointer dereference in the component /libsrc/dcrleccd.cc of DCMTK v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DICOM file. |
| CVE-2025-25474 | — |  |  | < 3.6.9-2.1 | 3.6.9-2.1 | Feb 18, 2025 | DCMTK v3.6.9+ DEV was discovered to contain a buffer overflow via the component /dcmimgle/diinpxt.h. |
| CVE-2025-25472 | — |  |  | < 3.6.9-2.1 | 3.6.9-2.1 | Feb 18, 2025 | A buffer overflow in DCMTK git master v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DCM file. |
| CVE-2024-52333 | — |  |  | < 3.6.9-1.1 | 3.6.9-1.1 | Jan 13, 2025 | An improper array index validation vulnerability exists in the determineMinMax functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. |
| CVE-2024-47796 | — |  |  | < 3.6.9-1.1 | 3.6.9-1.1 | Jan 13, 2025 | An improper array index validation vulnerability exists in the nowindow functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. |
| CVE-2024-27628 | — |  |  | < 3.6.8-5.1 | 3.6.8-5.1 | Jun 28, 2024 | Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an attacker to execute arbitrary code via the EctEnhancedCT method component. |
| CVE-2024-34509 | — |  |  | < 3.6.8-5.1 | 3.6.8-5.1 | May 5, 2024 | dcmdata in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message. |