CVE-2021-41687
published 2022-06-28


Priority: P338 high, 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.59% (72.7th percentile)
DCMTK through 3.6.6 does not handle memory free properly. The program allocates heap memory with malloc for parsing data, but does not free it when a parsing error occurs. Sending specific requests to the dcmqrdb program triggers the memory leak. An attacker can use it to launch a DoS attack.

Affected

18 ranges
Vendor | Product | Version range | Fixed in
debian | dcmtk | < dcmtk 3.6.7-1 (bookworm) | dcmtk 3.6.7-1 (bookworm)
offis | dcmtk | <= 3.6.6 |
offis | dcmtk | >= 0 < 3.6.5-1+deb11u1 | 3.6.5-1+deb11u1
offis | dcmtk | >= 0 < 3.6.7-1 | 3.6.7-1
offis | dcmtk | >= 0 < 3.6.7-1 | 3.6.7-1
offis | dcmtk | >= 0 < 3.6.7-1 | 3.6.7-1
offis | dcmtk | >= 0 < 3.6.4-2.1ubuntu0.1 | 3.6.4-2.1ubuntu0.1
offis | dcmtk | >= 0 < 3.6.4-2.1ubuntu0.2 | 3.6.4-2.1ubuntu0.2
offis | dcmtk | >= 0 < 3.6.1~20150924-5ubuntu0.1~esm2 | 3.6.1~20150924-5ubuntu0.1~esm2
offis | dcmtk | >= 0 < 3.6.1~20150924-5ubuntu0.1~esm1 | 3.6.1~20150924-5ubuntu0.1~esm1
offis | dcmtk | >= 0 < 3.6.1~20150924-5ubuntu0.1~esm3 | 3.6.1~20150924-5ubuntu0.1~esm3
offis | dcmtk | >= 0 < 3.6.2-3ubuntu0.1~esm2 | 3.6.2-3ubuntu0.1~esm2
offis | dcmtk | >= 0 < 3.6.2-3ubuntu0.1~esm1 | 3.6.2-3ubuntu0.1~esm1
offis | dcmtk | >= 0 < 3.6.2-3ubuntu0.1~esm3 | 3.6.2-3ubuntu0.1~esm3
offis | dcmtk | >= 0 < 3.6.4-2.1ubuntu0.1~esm1 | 3.6.4-2.1ubuntu0.1~esm1
offis | dcmtk | >= 0 < 3.6.6-5ubuntu0.1~esm2 | 3.6.6-5ubuntu0.1~esm2
offis | dcmtk | >= 0 < 3.6.6-5ubuntu0.1~esm1 | 3.6.6-5ubuntu0.1~esm1
offis | dcmtk | >= 0 < 3.6.7-9.1ubuntu0.1~esm1 | 3.6.7-9.1ubuntu0.1~esm1

CVSS provenance

nvd v3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd v2.0 5.0 MEDIUM AV:N/AC:L/Au:N/C:N/I:N/A:P
osv 7.5 HIGH
vendor_debian 7.5 HIGH
vendor_ubuntu 7.5 HIGH