DCMTK up to and including 3.6.6 does not handle memory free properly. The malloced memory for storing all file information are recorded in a global variable LST and are not freed properly. Sending specific requests to the dcmqrdb program can incur a memory leak. An attacker can use it to launch a DoS attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
offis dcmtk |