VYPR

rpm package

opensuse/dcmtk&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/dcmtk&distro=openSUSE%20Tumbleweed

Vulnerabilities (12)

  • CVE-2026-5663HigApr 6, 2026
    affected < 3.7.0-2.1fixed 3.7.0-2.1

    A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnReception/executeOnEndOfStudy of the file dcmnet/apps/storescp.cc of the component storescp. Performing a manipulation results in os command injection. Remote exploitation of the at

  • CVE-2025-14841LowDec 18, 2025
    affected < 3.7.0-1.1fixed 3.7.0-1.1

    A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted element is the function DcmQueryRetrieveIndexDatabaseHandle::startFindRequest/DcmQueryRetrieveIndexDatabaseHandle::startMoveRequest in the library dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. This manipulatio

  • CVE-2025-14607MedDec 13, 2025
    affected < 3.7.0-1.1fixed 3.7.0-1.1

    A vulnerability was detected in OFFIS DCMTK up to 3.6.9. Affected by this issue is the function DcmByteString::makeDicomByteString of the file dcmdata/libsrc/dcbytstr.cc of the component dcmdata. The manipulation results in memory corruption. The attack can be launched remotely.

  • CVE-2025-9732Aug 31, 2025
    affected < 3.6.9-4.1fixed 3.6.9-4.1

    A vulnerability was identified in DCMTK up to 3.6.9. This affects an unknown function in the library dcmimage/include/dcmtk/dcmimage/diybrpxt.h of the component dcm2img. Such manipulation leads to memory corruption. Local access is required to approach this attack. The name of th

  • CVE-2025-2357Mar 17, 2025
    affected < 3.6.9-3.1fixed 3.6.9-3.1

    A vulnerability was found in DCMTK 3.6.9. It has been declared as critical. This vulnerability affects unknown code of the component dcmjpls JPEG-LS Decoder. The manipulation leads to memory corruption. The attack can be initiated remotely. The exploit has been disclosed to the p

  • CVE-2025-25475Feb 18, 2025
    affected < 3.6.9-2.1fixed 3.6.9-2.1

    A NULL pointer dereference in the component /libsrc/dcrleccd.cc of DCMTK v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DICOM file.

  • CVE-2025-25474Feb 18, 2025
    affected < 3.6.9-2.1fixed 3.6.9-2.1

    DCMTK v3.6.9+ DEV was discovered to contain a buffer overflow via the component /dcmimgle/diinpxt.h.

  • CVE-2025-25472Feb 18, 2025
    affected < 3.6.9-2.1fixed 3.6.9-2.1

    A buffer overflow in DCMTK git master v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DCM file.

  • CVE-2024-52333Jan 13, 2025
    affected < 3.6.9-1.1fixed 3.6.9-1.1

    An improper array index validation vulnerability exists in the determineMinMax functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2024-47796Jan 13, 2025
    affected < 3.6.9-1.1fixed 3.6.9-1.1

    An improper array index validation vulnerability exists in the nowindow functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2024-27628Jun 28, 2024
    affected < 3.6.8-5.1fixed 3.6.8-5.1

    Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an attacker to execute arbitrary code via the EctEnhancedCT method component.

  • CVE-2024-34509May 5, 2024
    affected < 3.6.8-5.1fixed 3.6.8-5.1

    dcmdata in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.