Vulnerabilities (CVE)

Filtered by vendor Offis Subscribe
Filtered by product Dcmtk
Total 24 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-41687 1 Offis 1 Dcmtk 2026-06-17 5.0 MEDIUM 7.5 HIGH
DCMTK through 3.6.6 does not handle memory free properly. The program malloc a heap memory for parsing data, but does not free it when error in parsing. Sending specific requests to the dcmqrdb program incur the memory leak. An attacker can use it to launch a DoS attack.
CVE-2020-36855 1 Offis 1 Dcmtk 2026-06-17 4.3 MEDIUM 5.3 MEDIUM
A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. Upgrading to version 3.6.6 is sufficient to fix this issue. The identifier of the patch is 0fef9f02e. It is recommended to upgrade the affected component.
CVE-2019-1010228 2 Fedoraproject, Offis 2 Fedora, Dcmtk 2026-06-17 7.5 HIGH 9.8 CRITICAL
OFFIS.de DCMTK 3.6.3 and below is affected by: Buffer Overflow. The impact is: Possible code execution and confirmed Denial of Service. The component is: DcmRLEDecoder::decompress() (file dcrledec.h, line 122). The attack vector is: Many scenarios of DICOM file processing (e.g. DICOM to image conversion). The fixed version is: 3.6.4, after commit 40917614e.
CVE-2013-6825 1 Offis 1 Dcmtk 2026-06-17 7.2 HIGH N/A
(1) movescu.cc and (2) storescp.cc in dcmnet/apps/, (3) dcmnet/libsrc/scp.cc, (4) dcmwlm/libsrc/wlmactmg.cc, (5) dcmprscp.cc and (6) dcmpsrcv.cc in dcmpstat/apps/, (7) dcmpstat/tests/msgserv.cc, and (8) dcmqrdb/apps/dcmqrscp.cc in DCMTK 3.6.1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by creating a large number of processes.