OFFIS DCMTK's (All versions before 3.6.7) has a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-of-service condition.
offis dcmtk