CVE-2025-14607
published 2025-12-13

Priority: P3, 40, medium
CVSS 3.1: 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
EPSS: 0.23% (14.1th percentile)

A vulnerability was detected in OFFIS DCMTK up to 3.6.9. Affected by this issue is the function DcmByteString::makeDicomByteString of the file dcmdata/libsrc/dcbytstr.cc of the component dcmdata. The manipulation results in memory corruption. The attack can be launched remotely. Upgrading to version 3.7.0 can resolve this issue. The patch is identified as 4c0e5c10079392c594d6a7abd95dd78ac0aa556a. You should upgrade the affected component.

Affected

12 ranges

Vendor | Product | Version range | Fixed in
debian | dcmtk | < dcmtk 3.6.5-1+deb11u6 (bullseye) | dcmtk 3.6.5-1+deb11u6 (bullseye)
offis | dcmtk | |
offis | dcmtk | |
offis | dcmtk | |
offis | dcmtk | |
offis | dcmtk | |
offis | dcmtk | |
offis | dcmtk | |
offis | dcmtk | |
offis | dcmtk | |
offis | dcmtk | |
offis | dcmtk | >= 0 < 3.6.5-1+deb11u6 | 3.6.5-1+deb11u6

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.1 | 6.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
nvd | v4.0 | 5.3 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P
osv | | 5.3 | MEDIUM |
vendor_debian | | 5.3 | MEDIUM |
vendor_redhat | | 5.3 | MEDIUM |