CVE-2025-2357Improper Restriction of Operations within the Bounds of a Memory Buffer in Dcmtk

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-670Always-Incorrect Control Flow Implementation6 documents5 sources
Severity
5.3MEDIUMNVD
EPSS
0.4%
top 41.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Offis DcmtkDebian Dcmtk
Timeline
PublishedMar 17
Latest updateJul 10

Description

A vulnerability was found in DCMTK 3.6.9. It has been declared as critical. This vulnerability affects unknown code of the component dcmjpls JPEG-LS Decoder. The manipulation leads to memory corruption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 3239a7915. It is recommended to apply a patch to fix this issue.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages3 packages

debiandebian/dcmtk< dcmtk 3.6.5-1+deb11u4 (bullseye)
Debianoffis/dcmtk< 3.6.5-1+deb11u4+2
NVDoffis/dcmtk3.6.9

🔴Vulnerability Details

2
GHSA
GHSA-vwr6-5rc9-p4cw: A vulnerability was found in DCMTK 32025-03-17
OSV
CVE-2025-2357: A vulnerability was found in DCMTK 32025-03-17

📋Vendor Advisories

3
Red Hat
kernel: bpf: Avoid __bpf_prog_ret0_warn when jit fails2025-07-10
Red Hat
DCMTK: DCMTK dcmjpls JPEG-LS Decoder memory corruption2025-03-17
Debian
CVE-2025-2357: dcmtk - A vulnerability was found in DCMTK 3.6.9. It has been declared as critical. This...2025
CVE-2025-2357 — Debian Dcmtk vulnerability | cvebase