VYPR

Vendor CVEs

Dcmtk

All CVEs

29 total · sorted by risk
  • CVE-2015-8979HigFeb 15, 2017
    risk 0.49cvss 7.5epss 0.04

    Stack-based buffer overflow in the parsePresentationContext function in storescp in DICOM dcmtk-3.6.0 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a long string sent to TCP port 4242.

  • CVE-2026-10194MedMay 31, 2026
    risk 0.41cvss 6.3epss 0.00

    A weakness has been identified in OFFIS DCMTK 3.7.0. This affects the function DcmQueryRetrieveIndexDatabaseHandle::deleteOldestImages of the file dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. Executing a manipulation can lead to heap-based buffer overflow. The attack…

  • CVE-2026-5663HigApr 6, 2026
    risk 0.40cvss 7.3epss 0.02

    A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnReception/executeOnEndOfStudy of the file dcmnet/apps/storescp.cc of the component storescp. Performing a manipulation results in os command injection. Remote exploitation of the…

  • CVE-2025-14607MedDec 13, 2025
    risk 0.34cvss 6.3epss 0.00

    A vulnerability was detected in OFFIS DCMTK up to 3.6.9. Affected by this issue is the function DcmByteString::makeDicomByteString of the file dcmdata/libsrc/dcbytstr.cc of the component dcmdata. The manipulation results in memory corruption. The attack can be launched remotely.…

  • CVE-2020-36855MedOct 21, 2025
    risk 0.27cvss 5.3epss 0.00

    A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stack-based buffer overflow. Local access is required to approach this attack. The…

  • CVE-2025-14841LowDec 18, 2025
    risk 0.14cvss 3.3epss 0.00

    A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted element is the function DcmQueryRetrieveIndexDatabaseHandle::startFindRequest/DcmQueryRetrieveIndexDatabaseHandle::startMoveRequest in the library dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. This…

  • CVE-2022-4981LowOct 21, 2025
    risk 0.14cvss 3.3epss 0.00

    A vulnerability was detected in DCMTK up to 3.6.7. The impacted element is the function DcmQueryRetrieveConfig::readPeerList of the file /dcmqrcnf.cc of the component dcmqrscp. The manipulation results in null pointer dereference. The attack needs to be approached locally. The…

  • CVE-2026-12805Jun 21, 2026
    risk 0.00cvss epss 0.00

    A flaw has been found in OFFIS DCMTK up to 3.7.0. The affected element is the function XMLNode::parseFile in the library ofstd/libsrc/ofxml.cc. Executing a manipulation can lead to heap-based buffer overflow. The attack may be performed from remote. The exploit has been…

  • CVE-2025-9732Aug 31, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was identified in DCMTK up to 3.6.9. This affects an unknown function in the library dcmimage/include/dcmtk/dcmimage/diybrpxt.h of the component dcm2img. Such manipulation leads to memory corruption. Local access is required to approach this attack. The name of…

  • CVE-2025-2357Mar 17, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in DCMTK 3.6.9. It has been declared as critical. This vulnerability affects unknown code of the component dcmjpls JPEG-LS Decoder. The manipulation leads to memory corruption. The attack can be initiated remotely. The exploit has been disclosed to the…

  • CVE-2025-25474Feb 18, 2025
    risk 0.00cvss epss 0.00

    DCMTK v3.6.9+ DEV was discovered to contain a buffer overflow via the component /dcmimgle/diinpxt.h.

  • CVE-2025-25475Feb 18, 2025
    risk 0.00cvss epss 0.01

    A NULL pointer dereference in the component /libsrc/dcrleccd.cc of DCMTK v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DICOM file.

  • CVE-2025-25472Feb 18, 2025
    risk 0.00cvss epss 0.00

    A buffer overflow in DCMTK git master v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DCM file.

  • CVE-2024-52333Jan 13, 2025
    risk 0.00cvss epss 0.01

    An improper array index validation vulnerability exists in the determineMinMax functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2024-47796Jan 13, 2025
    risk 0.00cvss epss 0.01

    An improper array index validation vulnerability exists in the nowindow functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2024-27628Jun 28, 2024
    risk 0.00cvss epss 0.01

    Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an attacker to execute arbitrary code via the EctEnhancedCT method component.

  • CVE-2024-34509May 5, 2024
    risk 0.00cvss epss 0.01

    dcmdata in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.

  • CVE-2024-34508May 5, 2024
    risk 0.00cvss epss 0.01

    dcmnet in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.

  • CVE-2024-28130Apr 23, 2024
    risk 0.00cvss epss 0.02

    An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2022-43272Dec 2, 2022
    risk 0.00cvss epss 0.02

    DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object.

  • CVE-2021-41687Jun 28, 2022
    risk 0.00cvss epss 0.02

    DCMTK through 3.6.6 does not handle memory free properly. The program malloc a heap memory for parsing data, but does not free it when error in parsing. Sending specific requests to the dcmqrdb program incur the memory leak. An attacker can use it to launch a DoS attack.

  • CVE-2021-41688Jun 28, 2022
    risk 0.00cvss epss 0.02

    DCMTK through 3.6.6 does not handle memory free properly. The object in the program is free but its address is still used in other locations. Sending specific requests to the dcmqrdb program will incur a double free. An attacker can use it to launch a DoS attack.

  • CVE-2021-41690Jun 28, 2022
    risk 0.00cvss epss 0.02

    DCMTK through 3.6.6 does not handle memory free properly. The malloced memory for storing all file information are recorded in a global variable LST and are not freed properly. Sending specific requests to the dcmqrdb program can incur a memory leak. An attacker can use it to…

  • CVE-2021-41689Jun 28, 2022
    risk 0.00cvss epss 0.02

    DCMTK through 3.6.6 does not handle string copy properly. Sending specific requests to the dcmqrdb program, it would query its database and copy the result even if the result is null, which can incur a head-based overflow. An attacker can use it to launch a DoS attack.

  • CVE-2022-2119Jun 24, 2022
    risk 0.00cvss epss 0.03

    OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.

  • CVE-2022-2121Jun 24, 2022
    risk 0.00cvss epss 0.01

    OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-of-service condition.

  • CVE-2022-2120Jun 24, 2022
    risk 0.00cvss epss 0.03

    OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.

  • CVE-2019-1010228Jul 22, 2019
    risk 0.00cvss epss 0.08

    OFFIS.de DCMTK 3.6.3 and below is affected by: Buffer Overflow. The impact is: Possible code execution and confirmed Denial of Service. The component is: DcmRLEDecoder::decompress() (file dcrledec.h, line 122). The attack vector is: Many scenarios of DICOM file processing (e.g.…

  • CVE-2013-6825Jun 10, 2014
    risk 0.00cvss epss 0.00

    (1) movescu.cc and (2) storescp.cc in dcmnet/apps/, (3) dcmnet/libsrc/scp.cc, (4) dcmwlm/libsrc/wlmactmg.cc, (5) dcmprscp.cc and (6) dcmpsrcv.cc in dcmpstat/apps/, (7) dcmpstat/tests/msgserv.cc, and (8) dcmqrdb/apps/dcmqrscp.cc in DCMTK 3.6.1 and earlier does not check the…