cbcvebase.

Offis Dcmtk vulnerabilities

29 known vulnerabilities affecting offis/dcmtk.

Total CVEs
29
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH13MEDIUM11LOW1

Vulnerabilities

Page 2 of 2
CVE-2013-6825P4HIGHCVSS 7.2≤ 3.6.1v3.5.1+5 more2014-06-10
CVE-2013-6825 [HIGH] CWE-264 CVE-2013-6825: (1) movescu.cc and (2) storescp.cc in dcmnet/apps/, (3) dcmnet/libsrc/scp.cc, (4) dcmwlm/libsrc/wlma (1) movescu.cc and (2) storescp.cc in dcmnet/apps/, (3) dcmnet/libsrc/scp.cc, (4) dcmwlm/libsrc/wlmactmg.cc, (5) dcmprscp.cc and (6) dcmpsrcv.cc in dcmpstat/apps/, (7) dcmpstat/tests/msgserv.cc, and (8) dcmqrdb/apps/dcmqrscp.cc in DCMTK 3.6.1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileg
nvdosv
CVE-2020-36855P4MEDIUMCVSS 5.5fixed in 3.6.6v3.6.0+5 more2025-10-21
CVE-2020-36855 [MEDIUM] CWE-119 CVE-2020-36855: A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the functio A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. Upgrading to version
nvdosv
CVE-2022-2121P4MEDIUMCVSS 6.5fixed in 3.6.7≥ unspecified, < 3.6.72022-06-24
CVE-2022-2121 [MEDIUM] CWE-476 CVE-2022-2121: OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer dereference vulnerability while proce OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-of-service condition.
nvdosv
CVE-2022-4981P4MEDIUMCVSS 5.5fixed in 3.6.8v3.6.0+7 more2025-10-21
CVE-2022-4981 [MEDIUM] CWE-404 CVE-2022-4981: A vulnerability was detected in DCMTK up to 3.6.7. The impacted element is the function DcmQueryRetr A vulnerability was detected in DCMTK up to 3.6.7. The impacted element is the function DcmQueryRetrieveConfig::readPeerList of the file /dcmqrcnf.cc of the component dcmqrscp. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit is now public and may be used. Upgrading to version 3.6.8 is suffic
nvdosv
CVE-2024-34509P4MEDIUMCVSS 5.3fixed in 3.6.92024-05-05
CVE-2024-34509 [MEDIUM] CVE-2024-34509: dcmdata in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message. dcmdata in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.
nvdosv
CVE-2025-25472P4MEDIUMCVSS 5.3v3.6.92025-02-18
CVE-2025-25472 [MEDIUM] CWE-120 CVE-2025-25472: A buffer overflow in DCMTK git master v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS A buffer overflow in DCMTK git master v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DCM file.
nvdosv
CVE-2024-34508P4MEDIUMCVSS 4.3fixed in 3.6.92024-05-05
CVE-2024-34508 [MEDIUM] CWE-476 CVE-2024-34508: dcmnet in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message. dcmnet in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.
nvdosv
CVE-2025-14841P4LOWCVSS 3.3v3.6.0v3.6.1+8 more2025-12-18
CVE-2025-14841 [LOW] CWE-404 CVE-2025-14841: A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted element is the function DcmQueryRetri A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted element is the function DcmQueryRetrieveIndexDatabaseHandle::startFindRequest/DcmQueryRetrieveIndexDatabaseHandle::startMoveRequest in the library dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. This manipulation causes null pointer dereference. The attack requires local access. Upgra
nvdosv
CVE-2015-8979HIGHCVSS 7.5≥ 0, < 3.6.1~20150924-5ubuntu0.1~esm1≥ 0, < 3.6.2-3ubuntu0.1~esm1+2 more2023-02-22
CVE-2015-8979 [HIGH] dcmtk vulnerabilities dcmtk vulnerabilities Gjoko Krstic discovered that DCMTK incorrectly handled buffers. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2015-8979) Omar Ganiev discovered that DCMTK incorrectly handled buffers. If a user or an automated system were tricked into opening a certain s
osv
Offis Dcmtk vulnerabilities | cvebase