cbcvebase.
CVE-2022-4981
published 2025-10-21


Priority: P423 | medium | 5.5 (CVSS 3.1)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.26% (16.8th percentile)

A vulnerability was detected in DCMTK up to 3.6.7. It affects the function DcmQueryRetrieveConfig::readPeerList in the file /dcmqrcnf.cc of the component dcmqrscp. Manipulation leads to a null pointer dereference. The attack requires local access. The exploit is public and may be used. Upgrading to version 3.6.8 resolves the issue; the patch is identified as 957fb31e5. Upgrading the affected component is advised.

Affected

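13 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | dcmtk | < dcmtk 3.6.5-1+deb11u5 (bullseye) | dcmtk 3.6.5-1+deb11u5 (bullseye) |
| offis | dcmtk | < 3.6.8 | 3.6.8 |
| offis | dcmtk | | |
| offis | dcmtk | | |
| offis | dcmtk | | |
| offis | dcmtk | | |
| offis | dcmtk | | |
| offis | dcmtk | | |
| offis | dcmtk | | |
| offis | dcmtk | | |
| offis | dcmtk | >= 0 < 3.6.5-1+deb11u5 | 3.6.5-1+deb11u5 |
| offis | dcmtk | >= 0 < 3.6.8-5 | 3.6.8-5 |
| offis | dcmtk | >= 0 < 3.6.8-5 | 3.6.8-5 |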

CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| nvd | v4.0 | 1.9 | LOW | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 1.7 | LOW | AV:L/AC:L/Au:S/C:N/I:N/A:P |
| osv | | 4.8 | MEDIUM | |
| vendor_debian | | 4.8 | MEDIUM | |