dcmtk
by Debian
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-52868 | 0.00 | — | 0.00 | Jul 4, 2026 | An unauthenticated attacker can read worklist records from a directory outside the intended per-AE worklist storage area. In a multi-area deployment, this can cross departmental or clinic data separation. | |||
| CVE-2026-50003 | 0.00 | — | 0.00 | Jul 4, 2026 | A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative (../) paths and absolute paths. | |||
| CVE-2026-44628 | 0.00 | — | 0.00 | Jul 4, 2026 | An unauthenticated attacker can crash the worklist server with a single crafted query when the server has a valid Called AE Title / storage directory, the expected lockfile, and at least one matching worklist record. | |||
| CVE-2026-35505 | 0.00 | — | 0.00 | Jul 4, 2026 | An unauthenticated remote attacker can repeatedly send crafted connection requests to leak memory. In single-process deployments the memory grows until the service is killed and the port stops responding until restart. | |||
| CVE-2026-50254 | 0.00 | — | 0.00 | Jul 4, 2026 | An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory. Against storescp in its default single-process mode, memory grows quickly and the service is eventually killed, after which it stops accepting connections until an operator… |
- CVE-2026-52868Jul 4, 2026risk 0.00cvss —epss 0.00
An unauthenticated attacker can read worklist records from a directory outside the intended per-AE worklist storage area. In a multi-area deployment, this can cross departmental or clinic data separation.
- CVE-2026-50003Jul 4, 2026risk 0.00cvss —epss 0.00
A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative (../) paths and absolute paths.
- CVE-2026-44628Jul 4, 2026risk 0.00cvss —epss 0.00
An unauthenticated attacker can crash the worklist server with a single crafted query when the server has a valid Called AE Title / storage directory, the expected lockfile, and at least one matching worklist record.
- CVE-2026-35505Jul 4, 2026risk 0.00cvss —epss 0.00
An unauthenticated remote attacker can repeatedly send crafted connection requests to leak memory. In single-process deployments the memory grows until the service is killed and the port stops responding until restart.
- CVE-2026-50254Jul 4, 2026risk 0.00cvss —epss 0.00
An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory. Against storescp in its default single-process mode, memory grows quickly and the service is eventually killed, after which it stops accepting connections until an operator…