rpm package
suse/dcmtk&distro=SUSE Package Hub 15 SP4
pkg:rpm/suse/dcmtk&distro=SUSE%20Package%20Hub%2015%20SP4
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-43272 | — | < 3.6.7-bp154.2.3.1 | 3.6.7-bp154.2.3.1 | Dec 2, 2022 | DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object. | ||
| CVE-2022-2119 | — | < 3.6.7-bp154.2.3.1 | 3.6.7-bp154.2.3.1 | Jun 24, 2022 | OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution. | ||
| CVE-2022-2121 | — | < 3.6.7-bp154.2.3.1 | 3.6.7-bp154.2.3.1 | Jun 24, 2022 | OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-of-service condition. | ||
| CVE-2022-2120 | — | < 3.6.7-bp154.2.3.1 | 3.6.7-bp154.2.3.1 | Jun 24, 2022 | OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution. |
- CVE-2022-43272Dec 2, 2022affected < 3.6.7-bp154.2.3.1fixed 3.6.7-bp154.2.3.1
DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object.
- CVE-2022-2119Jun 24, 2022affected < 3.6.7-bp154.2.3.1fixed 3.6.7-bp154.2.3.1
OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.
- CVE-2022-2121Jun 24, 2022affected < 3.6.7-bp154.2.3.1fixed 3.6.7-bp154.2.3.1
OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-of-service condition.
- CVE-2022-2120Jun 24, 2022affected < 3.6.7-bp154.2.3.1fixed 3.6.7-bp154.2.3.1
OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.