Vulnerability Details CVE-2015-8979
Stack-based buffer overflow in the parsePresentationContext function in storescp in DICOM dcmtk-3.6.0 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a long string sent to TCP port 4242.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.2%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://packetstormsecurity.com/files/140191/DCMTK-storescp-DICOM-storage-C-STORE-SCP-Remote-Stack-Buffer-Overflow.html
- http://www.debian.org/security/2016/dsa-3749
- http://www.openwall.com/lists/oss-security/2016/12/18/2
- http://www.securityfocus.com/bid/94951
- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5384.php
- https://bugzilla.redhat.com/show_bug.cgi?id=1405919
- http://packetstormsecurity.com/files/140191/DCMTK-storescp-DICOM-storage-C-STORE-SCP-Remote-Stack-Buffer-Overflow.html
- http://www.debian.org/security/2016/dsa-3749
- http://www.openwall.com/lists/oss-security/2016/12/18/2
- http://www.securityfocus.com/bid/94951
- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5384.php
- https://bugzilla.redhat.com/show_bug.cgi?id=1405919
Products affected by CVE-2015-8979
-
cpe:2.3:a:dicom:dcmtk:3.6.0
-
cpe:2.3:o:debian:debian_linux:8.0