VYPR
Vendor

Dcmtk

Products
1
CVEs
29
Across products
29
Status
Private

Products

1

Recent CVEs

29
View all 29 CVEs →
  • CVE-2015-8979HigFeb 15, 2017
    risk 0.49cvss 7.5epss 0.04

    Stack-based buffer overflow in the parsePresentationContext function in storescp in DICOM dcmtk-3.6.0 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a long string sent to TCP port 4242.

  • CVE-2026-10194MedMay 31, 2026
    risk 0.41cvss 6.3epss 0.00

    A weakness has been identified in OFFIS DCMTK 3.7.0. This affects the function DcmQueryRetrieveIndexDatabaseHandle::deleteOldestImages of the file dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. Executing a manipulation can lead to heap-based buffer overflow. The attack…

  • CVE-2026-5663HigApr 6, 2026
    risk 0.40cvss 7.3epss 0.02

    A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnReception/executeOnEndOfStudy of the file dcmnet/apps/storescp.cc of the component storescp. Performing a manipulation results in os command injection. Remote exploitation of the…

  • CVE-2025-14607MedDec 13, 2025
    risk 0.34cvss 6.3epss 0.00

    A vulnerability was detected in OFFIS DCMTK up to 3.6.9. Affected by this issue is the function DcmByteString::makeDicomByteString of the file dcmdata/libsrc/dcbytstr.cc of the component dcmdata. The manipulation results in memory corruption. The attack can be launched remotely.…

  • CVE-2020-36855MedOct 21, 2025
    risk 0.27cvss 5.3epss 0.00

    A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stack-based buffer overflow. Local access is required to approach this attack. The…

  • CVE-2025-14841LowDec 18, 2025
    risk 0.14cvss 3.3epss 0.00

    A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted element is the function DcmQueryRetrieveIndexDatabaseHandle::startFindRequest/DcmQueryRetrieveIndexDatabaseHandle::startMoveRequest in the library dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. This…

  • CVE-2022-4981LowOct 21, 2025
    risk 0.14cvss 3.3epss 0.00

    A vulnerability was detected in DCMTK up to 3.6.7. The impacted element is the function DcmQueryRetrieveConfig::readPeerList of the file /dcmqrcnf.cc of the component dcmqrscp. The manipulation results in null pointer dereference. The attack needs to be approached locally. The…

  • CVE-2026-12805Jun 21, 2026
    risk 0.00cvss epss 0.00

    A flaw has been found in OFFIS DCMTK up to 3.7.0. The affected element is the function XMLNode::parseFile in the library ofstd/libsrc/ofxml.cc. Executing a manipulation can lead to heap-based buffer overflow. The attack may be performed from remote. The exploit has been…

  • CVE-2025-9732Aug 31, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was identified in DCMTK up to 3.6.9. This affects an unknown function in the library dcmimage/include/dcmtk/dcmimage/diybrpxt.h of the component dcm2img. Such manipulation leads to memory corruption. Local access is required to approach this attack. The name of…

  • CVE-2025-2357Mar 17, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in DCMTK 3.6.9. It has been declared as critical. This vulnerability affects unknown code of the component dcmjpls JPEG-LS Decoder. The manipulation leads to memory corruption. The attack can be initiated remotely. The exploit has been disclosed to the…

  • CVE-2025-25474Feb 18, 2025
    risk 0.00cvss epss 0.00

    DCMTK v3.6.9+ DEV was discovered to contain a buffer overflow via the component /dcmimgle/diinpxt.h.

  • CVE-2025-25475Feb 18, 2025
    risk 0.00cvss epss 0.01

    A NULL pointer dereference in the component /libsrc/dcrleccd.cc of DCMTK v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DICOM file.

  • CVE-2025-25472Feb 18, 2025
    risk 0.00cvss epss 0.00

    A buffer overflow in DCMTK git master v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DCM file.

  • CVE-2024-52333Jan 13, 2025
    risk 0.00cvss epss 0.01

    An improper array index validation vulnerability exists in the determineMinMax functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2024-47796Jan 13, 2025
    risk 0.00cvss epss 0.01

    An improper array index validation vulnerability exists in the nowindow functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2024-27628Jun 28, 2024
    risk 0.00cvss epss 0.01

    Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an attacker to execute arbitrary code via the EctEnhancedCT method component.

  • CVE-2024-34509May 5, 2024
    risk 0.00cvss epss 0.01

    dcmdata in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.

  • CVE-2024-34508May 5, 2024
    risk 0.00cvss epss 0.01

    dcmnet in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.

  • CVE-2024-28130Apr 23, 2024
    risk 0.00cvss epss 0.02

    An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2022-43272Dec 2, 2022
    risk 0.00cvss epss 0.02

    DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object.