CVE-2025-14607: Improper Restriction of Operations within the Bounds of a Memory Buffer in DCMTK

Severity: 5.3 MEDIUM (NVD)
EPSS: 0.1% (top 67.54%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products: listed under Affected Packages below
Timeline: Published Dec 13, 2025

Description

A vulnerability was found in OFFIS DCMTK versions up to and including 3.6.9. The affected code is the function DcmByteString::makeDicomByteString in dcmdata/libsrc/dcbytstr.cc, part of the dcmdata component. Manipulation of the input handled by this function results in memory corruption (CWE-119, improper restriction of operations within the bounds of a memory buffer). The attack can be launched remotely. Upgrading to version 3.7.0 resolves the issue; the fix is commit 4c0e5c10079392c594d6a7abd95dd78ac0aa556a. Affected deployments should upgrade the component.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Read as: network-reachable (AV:N), low attack complexity (AC:L), no special attack requirements (AT:N), low privileges required (PR:L), no user interaction (UI:N); low confidentiality, integrity and availability impact on the vulnerable system (VC:L/VI:L/VA:L) and no impact on subsequent systems (SC:N/SI:N/SA:N). Per the vector, the attacker is assumed to already hold low privileges on the target; "remotely" in the description refers to the attack vector, not to an unauthenticated attacker.

Affected Packages (3 packages)

Source       Package         Affected range
Debian       offis/dcmtk     < 3.6.5-1+deb11u6
CVEListV5    offis/dcmtk     10 versions (9 more not shown on the page)
Debian       debian/dcmtk    < dcmtk 3.6.5-1+deb11u6 (bullseye)
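The two fixed versions above (upstream 3.7.0, Debian bullseye 3.6.5-1+deb11u6) are only useful for triage if installed versions are compared with the right ordering rules: a plain string comparison puts "3.6.5-1+deb11u10" below "3.6.5-1+deb11u6" and "3.7.0~rc1" above "3.7.0". The following is an added example, not code from OFFIS, Debian or this page. It re-implements dpkg's version ordering (epoch, then upstream, then revision; "~" sorts before the empty string; digit runs compare numerically) in Python and applies it to a constructed host inventory; the host names and versions are sample data, and the channel labels are this example's own.

```python
"""Triage helper: decide whether an installed dcmtk build is inside the
affected range published for CVE-2025-14607.

Added example; not code from OFFIS, Debian or the cvebase page. The fixed
versions come from the page; the ordering rules follow dpkg's documented
comparison algorithm. SAMPLE_INVENTORY is constructed data.
"""

# Fixed versions stated on the page, keyed by a channel label chosen here.
FIXED_VERSIONS = {
    "upstream": "3.7.0",                    # OFFIS release carrying the fix
    "debian-bullseye": "3.6.5-1+deb11u6",   # Debian security update
}


def _order(ch: str) -> int:
    """dpkg's weight for a character in a non-digit run."""
    if ch.isdigit():
        return 0
    if ch.isalpha():
        return ord(ch)
    if ch == "~":
        return -1             # '~' sorts before everything, even end of string
    return ord(ch) + 256      # '+', '.', '-' and friends sort after letters


def _verrevcmp(a: str, b: str) -> int:
    """Compare two upstream-or-revision strings the way dpkg does."""
    i = j = 0
    while i < len(a) or j < len(b):
        # 1. Non-digit prefixes: compare character weights; end of string is 0.
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # 2. Digit runs: numeric comparison, leading zeros ignored.
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        first_diff = 0
        while i < len(a) and j < len(b) and a[i].isdigit() and b[j].isdigit():
            if first_diff == 0:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i].isdigit():
            return 1          # longer digit run means a larger number
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def _split(version: str):
    """Split 'epoch:upstream-revision' into dpkg's three components."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision


def dpkg_compare(a: str, b: str) -> int:
    """Return <0, 0 or >0, matching dpkg --compare-versions a lt/eq/gt b."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return ea - eb
    rc = _verrevcmp(ua, ub)
    if rc != 0:
        return rc
    return _verrevcmp(ra, rb)


def is_affected(installed: str, channel: str) -> bool:
    """True when the installed build is older than the fix for its channel."""
    return dpkg_compare(installed, FIXED_VERSIONS[channel]) < 0


def affected_hosts(inventory) -> list:
    """Host names (sorted) whose dcmtk build still needs the fix."""
    return sorted(h for h, (ch, v) in inventory.items() if is_affected(v, ch))


# Constructed sample inventory: host -> (channel, installed dcmtk version).
SAMPLE_INVENTORY = {
    "pacs-01": ("debian-bullseye", "3.6.5-1+deb11u5"),   # one revision behind the fix
    "pacs-02": ("debian-bullseye", "3.6.5-1+deb11u6"),   # exactly the fixed build
    "pacs-03": ("debian-bullseye", "3.6.5-1+deb11u10"),  # 'u10' > 'u6' numerically
    "build-box": ("upstream", "3.6.9"),                  # last affected upstream release
    "dev-box": ("upstream", "3.7.0~rc1"),                # pre-release sorts below 3.7.0
    "ci-runner": ("upstream", "3.7.0"),                  # fixed upstream release
}

if __name__ == "__main__":
    for host in affected_hosts(SAMPLE_INVENTORY):
        channel, version = SAMPLE_INVENTORY[host]
        print(f"{host}: dcmtk {version} ({channel}) -> upgrade to {FIXED_VERSIONS[channel]}")
```

On a real Debian host the installed string would come from `dpkg-query -W -f '${Version}' dcmtk` and the comparison could be delegated to `dpkg --compare-versions`; the point of carrying the algorithm in the script is that the same check can run from a central inventory where dpkg is not installed.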

Vulnerability Details (2)

GHSA: GHSA-8cqp-6cwx-f84x: A vulnerability was detected in OFFIS DCMTK up to 3.6.9 (2025-12-13)
OSV: CVE-2025-14607: A vulnerability was detected in OFFIS DCMTK up to 3.6.9 (2025-12-13)

Vendor Advisories (2)

Red Hat: dcmtk: OFFIS DCMTK: Remote memory corruption vulnerability (2025-12-13)
Debian: CVE-2025-14607: dcmtk - A vulnerability was detected in OFFIS DCMTK up to 3.6.9. Affected by this issue ... (2025)

Threat Intelligence (1)

Wiz: CVE-2025-14607 Impact, Exploitability, and Mitigation Steps | Wiz

Page title: CVE-2025-14607 — Debian Dcmtk vulnerability | cvebase