Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dcmtk vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-34508
dcmnet in DCMTK prior to 3.6.9 has a segmentation fault via an invalid DIMSE message.
NA
CVE-2024-34509
dcmdata in DCMTK prior to 3.6.9 has a segmentation fault via an invalid DIMSE message.
NA
CVE-2024-28130
An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
NA
CVE-2022-43272
DCMTK v3.6.7 exists to contain a memory leak via the T_ASC_Association object.
Offis Dcmtk 3.6.7
445
VMScore
CVE-2021-41688
DCMTK up to and including 3.6.6 does not handle memory free properly. The object in the program is free but its address is still used in other locations. Sending specific requests to the dcmqrdb program will incur a double free. An attacker can use it to launch a DoS attack.
Offis Dcmtk
445
VMScore
CVE-2021-41689
DCMTK up to and including 3.6.6 does not handle string copy properly. Sending specific requests to the dcmqrdb program, it would query its database and copy the result even if the result is null, which can incur a head-based overflow. An attacker can use it to launch a DoS attack...
Offis Dcmtk
445
VMScore
CVE-2021-41690
DCMTK up to and including 3.6.6 does not handle memory free properly. The malloced memory for storing all file information are recorded in a global variable LST and are not freed properly. Sending specific requests to the dcmqrdb program can incur a memory leak. An attacker can u...
Offis Dcmtk
445
VMScore
CVE-2021-41687
DCMTK up to and including 3.6.6 does not handle memory free properly. The program malloc a heap memory for parsing data, but does not free it when error in parsing. Sending specific requests to the dcmqrdb program incur the memory leak. An attacker can use it to launch a DoS atta...
Offis Dcmtk
668
VMScore
CVE-2022-2119
OFFIS DCMTK's (All versions before 3.6.7) service class provider (SCP) is vulnerable to path traversal, allowing an malicious user to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.
Offis Dcmtk
668
VMScore
CVE-2022-2120
OFFIS DCMTK's (All versions before 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an malicious user to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.
Offis Dcmtk
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »