Vendor CVEs
Dcmtk
All CVEs
29 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-8979 | Hig | 0.49 | 7.5 | 0.04 | Feb 15, 2017 | Stack-based buffer overflow in the parsePresentationContext function in storescp in DICOM dcmtk-3.6.0 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a long string sent to TCP port 4242. | ||
| CVE-2026-10194 | Med | 0.41 | 6.3 | 0.00 | May 31, 2026 | A weakness has been identified in OFFIS DCMTK 3.7.0. This affects the function DcmQueryRetrieveIndexDatabaseHandle::deleteOldestImages of the file dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. Executing a manipulation can lead to heap-based buffer overflow. The attack… | ||
| CVE-2026-5663 | Hig | 0.40 | 7.3 | 0.02 | Apr 6, 2026 | A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnReception/executeOnEndOfStudy of the file dcmnet/apps/storescp.cc of the component storescp. Performing a manipulation results in os command injection. Remote exploitation of the… | ||
| CVE-2025-14607 | Med | 0.34 | 6.3 | 0.00 | Dec 13, 2025 | A vulnerability was detected in OFFIS DCMTK up to 3.6.9. Affected by this issue is the function DcmByteString::makeDicomByteString of the file dcmdata/libsrc/dcbytstr.cc of the component dcmdata. The manipulation results in memory corruption. The attack can be launched remotely.… | ||
| CVE-2020-36855 | Med | 0.27 | 5.3 | 0.00 | Oct 21, 2025 | A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stack-based buffer overflow. Local access is required to approach this attack. The… | ||
| CVE-2025-14841 | Low | 0.14 | 3.3 | 0.00 | Dec 18, 2025 | A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted element is the function DcmQueryRetrieveIndexDatabaseHandle::startFindRequest/DcmQueryRetrieveIndexDatabaseHandle::startMoveRequest in the library dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. This… | ||
| CVE-2022-4981 | Low | 0.14 | 3.3 | 0.00 | Oct 21, 2025 | A vulnerability was detected in DCMTK up to 3.6.7. The impacted element is the function DcmQueryRetrieveConfig::readPeerList of the file /dcmqrcnf.cc of the component dcmqrscp. The manipulation results in null pointer dereference. The attack needs to be approached locally. The… | ||
| CVE-2026-12805 | 0.00 | — | 0.00 | Jun 21, 2026 | A flaw has been found in OFFIS DCMTK up to 3.7.0. The affected element is the function XMLNode::parseFile in the library ofstd/libsrc/ofxml.cc. Executing a manipulation can lead to heap-based buffer overflow. The attack may be performed from remote. The exploit has been… | |||
| CVE-2025-9732 | 0.00 | — | 0.00 | Aug 31, 2025 | A vulnerability was identified in DCMTK up to 3.6.9. This affects an unknown function in the library dcmimage/include/dcmtk/dcmimage/diybrpxt.h of the component dcm2img. Such manipulation leads to memory corruption. Local access is required to approach this attack. The name of… | |||
| CVE-2025-2357 | 0.00 | — | 0.00 | Mar 17, 2025 | A vulnerability was found in DCMTK 3.6.9. It has been declared as critical. This vulnerability affects unknown code of the component dcmjpls JPEG-LS Decoder. The manipulation leads to memory corruption. The attack can be initiated remotely. The exploit has been disclosed to the… | |||
| CVE-2025-25474 | 0.00 | — | 0.00 | Feb 18, 2025 | DCMTK v3.6.9+ DEV was discovered to contain a buffer overflow via the component /dcmimgle/diinpxt.h. | |||
| CVE-2025-25475 | 0.00 | — | 0.01 | Feb 18, 2025 | A NULL pointer dereference in the component /libsrc/dcrleccd.cc of DCMTK v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DICOM file. | |||
| CVE-2025-25472 | 0.00 | — | 0.00 | Feb 18, 2025 | A buffer overflow in DCMTK git master v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DCM file. | |||
| CVE-2024-52333 | 0.00 | — | 0.01 | Jan 13, 2025 | An improper array index validation vulnerability exists in the determineMinMax functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. | |||
| CVE-2024-47796 | 0.00 | — | 0.01 | Jan 13, 2025 | An improper array index validation vulnerability exists in the nowindow functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. | |||
| CVE-2024-27628 | 0.00 | — | 0.01 | Jun 28, 2024 | Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an attacker to execute arbitrary code via the EctEnhancedCT method component. | |||
| CVE-2024-34509 | 0.00 | — | 0.01 | May 5, 2024 | dcmdata in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message. | |||
| CVE-2024-34508 | 0.00 | — | 0.01 | May 5, 2024 | dcmnet in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message. | |||
| CVE-2024-28130 | 0.00 | — | 0.02 | Apr 23, 2024 | An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||
| CVE-2022-43272 | 0.00 | — | 0.02 | Dec 2, 2022 | DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object. | |||
| CVE-2021-41687 | 0.00 | — | 0.02 | Jun 28, 2022 | DCMTK through 3.6.6 does not handle memory free properly. The program malloc a heap memory for parsing data, but does not free it when error in parsing. Sending specific requests to the dcmqrdb program incur the memory leak. An attacker can use it to launch a DoS attack. | |||
| CVE-2021-41688 | 0.00 | — | 0.02 | Jun 28, 2022 | DCMTK through 3.6.6 does not handle memory free properly. The object in the program is free but its address is still used in other locations. Sending specific requests to the dcmqrdb program will incur a double free. An attacker can use it to launch a DoS attack. | |||
| CVE-2021-41690 | 0.00 | — | 0.02 | Jun 28, 2022 | DCMTK through 3.6.6 does not handle memory free properly. The malloced memory for storing all file information are recorded in a global variable LST and are not freed properly. Sending specific requests to the dcmqrdb program can incur a memory leak. An attacker can use it to… | |||
| CVE-2021-41689 | 0.00 | — | 0.02 | Jun 28, 2022 | DCMTK through 3.6.6 does not handle string copy properly. Sending specific requests to the dcmqrdb program, it would query its database and copy the result even if the result is null, which can incur a head-based overflow. An attacker can use it to launch a DoS attack. | |||
| CVE-2022-2119 | 0.00 | — | 0.03 | Jun 24, 2022 | OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution. | |||
| CVE-2022-2121 | 0.00 | — | 0.01 | Jun 24, 2022 | OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-of-service condition. | |||
| CVE-2022-2120 | 0.00 | — | 0.03 | Jun 24, 2022 | OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution. | |||
| CVE-2019-1010228 | 0.00 | — | 0.08 | Jul 22, 2019 | OFFIS.de DCMTK 3.6.3 and below is affected by: Buffer Overflow. The impact is: Possible code execution and confirmed Denial of Service. The component is: DcmRLEDecoder::decompress() (file dcrledec.h, line 122). The attack vector is: Many scenarios of DICOM file processing (e.g.… | |||
| CVE-2013-6825 | 0.00 | — | 0.00 | Jun 10, 2014 | (1) movescu.cc and (2) storescp.cc in dcmnet/apps/, (3) dcmnet/libsrc/scp.cc, (4) dcmwlm/libsrc/wlmactmg.cc, (5) dcmprscp.cc and (6) dcmpsrcv.cc in dcmpstat/apps/, (7) dcmpstat/tests/msgserv.cc, and (8) dcmqrdb/apps/dcmqrscp.cc in DCMTK 3.6.1 and earlier does not check the… |
- risk 0.49cvss 7.5epss 0.04
Stack-based buffer overflow in the parsePresentationContext function in storescp in DICOM dcmtk-3.6.0 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a long string sent to TCP port 4242.
- risk 0.41cvss 6.3epss 0.00
A weakness has been identified in OFFIS DCMTK 3.7.0. This affects the function DcmQueryRetrieveIndexDatabaseHandle::deleteOldestImages of the file dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. Executing a manipulation can lead to heap-based buffer overflow. The attack…
- risk 0.40cvss 7.3epss 0.02
A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnReception/executeOnEndOfStudy of the file dcmnet/apps/storescp.cc of the component storescp. Performing a manipulation results in os command injection. Remote exploitation of the…
- risk 0.34cvss 6.3epss 0.00
A vulnerability was detected in OFFIS DCMTK up to 3.6.9. Affected by this issue is the function DcmByteString::makeDicomByteString of the file dcmdata/libsrc/dcbytstr.cc of the component dcmdata. The manipulation results in memory corruption. The attack can be launched remotely.…
- risk 0.27cvss 5.3epss 0.00
A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stack-based buffer overflow. Local access is required to approach this attack. The…
- risk 0.14cvss 3.3epss 0.00
A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted element is the function DcmQueryRetrieveIndexDatabaseHandle::startFindRequest/DcmQueryRetrieveIndexDatabaseHandle::startMoveRequest in the library dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. This…
- risk 0.14cvss 3.3epss 0.00
A vulnerability was detected in DCMTK up to 3.6.7. The impacted element is the function DcmQueryRetrieveConfig::readPeerList of the file /dcmqrcnf.cc of the component dcmqrscp. The manipulation results in null pointer dereference. The attack needs to be approached locally. The…
- CVE-2026-12805Jun 21, 2026risk 0.00cvss —epss 0.00
A flaw has been found in OFFIS DCMTK up to 3.7.0. The affected element is the function XMLNode::parseFile in the library ofstd/libsrc/ofxml.cc. Executing a manipulation can lead to heap-based buffer overflow. The attack may be performed from remote. The exploit has been…
- CVE-2025-9732Aug 31, 2025risk 0.00cvss —epss 0.00
A vulnerability was identified in DCMTK up to 3.6.9. This affects an unknown function in the library dcmimage/include/dcmtk/dcmimage/diybrpxt.h of the component dcm2img. Such manipulation leads to memory corruption. Local access is required to approach this attack. The name of…
- CVE-2025-2357Mar 17, 2025risk 0.00cvss —epss 0.00
A vulnerability was found in DCMTK 3.6.9. It has been declared as critical. This vulnerability affects unknown code of the component dcmjpls JPEG-LS Decoder. The manipulation leads to memory corruption. The attack can be initiated remotely. The exploit has been disclosed to the…
- CVE-2025-25474Feb 18, 2025risk 0.00cvss —epss 0.00
DCMTK v3.6.9+ DEV was discovered to contain a buffer overflow via the component /dcmimgle/diinpxt.h.
- CVE-2025-25475Feb 18, 2025risk 0.00cvss —epss 0.01
A NULL pointer dereference in the component /libsrc/dcrleccd.cc of DCMTK v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DICOM file.
- CVE-2025-25472Feb 18, 2025risk 0.00cvss —epss 0.00
A buffer overflow in DCMTK git master v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DCM file.
- CVE-2024-52333Jan 13, 2025risk 0.00cvss —epss 0.01
An improper array index validation vulnerability exists in the determineMinMax functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.
- CVE-2024-47796Jan 13, 2025risk 0.00cvss —epss 0.01
An improper array index validation vulnerability exists in the nowindow functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.
- CVE-2024-27628Jun 28, 2024risk 0.00cvss —epss 0.01
Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an attacker to execute arbitrary code via the EctEnhancedCT method component.
- CVE-2024-34509May 5, 2024risk 0.00cvss —epss 0.01
dcmdata in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.
- CVE-2024-34508May 5, 2024risk 0.00cvss —epss 0.01
dcmnet in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.
- CVE-2024-28130Apr 23, 2024risk 0.00cvss —epss 0.02
An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
- CVE-2022-43272Dec 2, 2022risk 0.00cvss —epss 0.02
DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object.
- CVE-2021-41687Jun 28, 2022risk 0.00cvss —epss 0.02
DCMTK through 3.6.6 does not handle memory free properly. The program malloc a heap memory for parsing data, but does not free it when error in parsing. Sending specific requests to the dcmqrdb program incur the memory leak. An attacker can use it to launch a DoS attack.
- CVE-2021-41688Jun 28, 2022risk 0.00cvss —epss 0.02
DCMTK through 3.6.6 does not handle memory free properly. The object in the program is free but its address is still used in other locations. Sending specific requests to the dcmqrdb program will incur a double free. An attacker can use it to launch a DoS attack.
- CVE-2021-41690Jun 28, 2022risk 0.00cvss —epss 0.02
DCMTK through 3.6.6 does not handle memory free properly. The malloced memory for storing all file information are recorded in a global variable LST and are not freed properly. Sending specific requests to the dcmqrdb program can incur a memory leak. An attacker can use it to…
- CVE-2021-41689Jun 28, 2022risk 0.00cvss —epss 0.02
DCMTK through 3.6.6 does not handle string copy properly. Sending specific requests to the dcmqrdb program, it would query its database and copy the result even if the result is null, which can incur a head-based overflow. An attacker can use it to launch a DoS attack.
- CVE-2022-2119Jun 24, 2022risk 0.00cvss —epss 0.03
OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.
- CVE-2022-2121Jun 24, 2022risk 0.00cvss —epss 0.01
OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-of-service condition.
- CVE-2022-2120Jun 24, 2022risk 0.00cvss —epss 0.03
OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.
- CVE-2019-1010228Jul 22, 2019risk 0.00cvss —epss 0.08
OFFIS.de DCMTK 3.6.3 and below is affected by: Buffer Overflow. The impact is: Possible code execution and confirmed Denial of Service. The component is: DcmRLEDecoder::decompress() (file dcrledec.h, line 122). The attack vector is: Many scenarios of DICOM file processing (e.g.…
- CVE-2013-6825Jun 10, 2014risk 0.00cvss —epss 0.00
(1) movescu.cc and (2) storescp.cc in dcmnet/apps/, (3) dcmnet/libsrc/scp.cc, (4) dcmwlm/libsrc/wlmactmg.cc, (5) dcmprscp.cc and (6) dcmpsrcv.cc in dcmpstat/apps/, (7) dcmpstat/tests/msgserv.cc, and (8) dcmqrdb/apps/dcmqrscp.cc in DCMTK 3.6.1 and earlier does not check the…