CVE-2024-27628
published 2024-06-28

CVE-2024-27628: Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an attacker to execute arbitrary code via the EctEnhancedCT method component.

Priority P343 | high 8.1 | CVSS 3.1
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:N
EPSS: 0.73% (49.6th percentile)

Affected

5 ranges
Vendor | Product | Version range | Fixed in
debian | dcmtk | < dcmtk 3.6.7-9~deb12u2 (bookworm) | dcmtk 3.6.7-9~deb12u2 (bookworm)
offis | dcmtk | |
offis | dcmtk | >= 0 < 3.6.7-9~deb12u2 | 3.6.7-9~deb12u2
offis | dcmtk | >= 0 < 3.6.8-6 | 3.6.8-6
offis | dcmtk | >= 0 < 3.6.8-6 | 3.6.8-6

CVSS provenance

nvd | v3.1 | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
osv | 8.1 | HIGH
vendor_debian | 8.1 | HIGH