CVE-2024-27628Classic Buffer Overflow in Dcmtk

CWE-120Classic Buffer Overflow4 documents4 sources
Severity
8.1HIGHNVD
EPSS
1.5%
top 19.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Offis DcmtkDebian Dcmtk
Timeline
PublishedJun 28
Latest updateJun 29

Description

Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an attacker to execute arbitrary code via the EctEnhancedCT method component.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages3 packages

debiandebian/dcmtk< dcmtk 3.6.7-9~deb12u2 (bookworm)
Debianoffis/dcmtk< 3.6.7-9~deb12u2+2
NVDoffis/dcmtk3.6.8

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-4vfx-5jf7-gfhv: Buffer Overflow vulnerability in DCMTK v2024-06-29
OSV
CVE-2024-27628: Buffer Overflow vulnerability in DCMTK v2024-06-28

📋Vendor Advisories

1
Debian
CVE-2024-27628: dcmtk - Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an attacker to execute arb...2024
CVE-2024-27628 — Classic Buffer Overflow in Dcmtk | cvebase