CVE-2022-2121: NULL Pointer Dereference in Dcmtk

Severity
6.5 MEDIUM NVD
OSV 7.5
EPSS
0.1%
top 75.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jun 24
Latest update: Jul 8

Description

OFFIS DCMTK (all versions prior to 3.6.7) has a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-of-service condition.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (5 packages)

CVEListV5 | offis/dcmtk | unspecified | 3.6.7
NVD | offis/dcmtk | < 3.6.7
Debian | offis/dcmtk | < 3.6.5-1+deb11u1 | +3
Ubuntu | offis/dcmtk | < 3.6.4-2.1ubuntu0.1 | +11
debian | debian/dcmtk | < dcmtk 3.6.7-1 (bookworm)

🔴 Vulnerability Details (5)

OSV | dcmtk regression | 2025-07-08
OSV | dcmtk vulnerabilities | 2024-09-17
OSV | dcmtk vulnerabilities | 2023-02-22
GHSA | GHSA-jrq9-r9fx-4557: OFFIS DCMTK's (All versions prior to 3 | 2022-06-25
OSV | CVE-2022-2121: OFFIS DCMTK's (All versions prior to 3 | 2022-06-24

📋 Vendor Advisories (4)

Ubuntu | DCMTK regression | 2025-07-08
Ubuntu | DCMTK vulnerabilities | 2024-09-17
Ubuntu | DCMTK vulnerabilities | 2023-02-22
Debian | CVE-2022-2121: dcmtk - OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer dereference vulne... | 2022
CVE-2022-2121 — NULL Pointer Dereference in Offis Dcmtk | cvebase