Shodan
Vulnerabilities
Vulnerable Software
Offis:  Security Vulnerabilities
CVE-2024-34508
dcmnet in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-05-05
CVE-2024-34509
dcmdata in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-05-05
CVE-2024-28130
An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-04-23
CVE-2022-43272
DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-12-02
CVE-2021-41687
DCMTK through 3.6.6 does not handle memory free properly. The program malloc a heap memory for parsing data, but does not free it when error in parsing. Sending specific requests to the dcmqrdb program incur the memory leak. An attacker can use it to launch a DoS attack.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-06-28
CVE-2021-41688
DCMTK through 3.6.6 does not handle memory free properly. The object in the program is free but its address is still used in other locations. Sending specific requests to the dcmqrdb program will incur a double free. An attacker can use it to launch a DoS attack.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-06-28
CVE-2021-41689
DCMTK through 3.6.6 does not handle string copy properly. Sending specific requests to the dcmqrdb program, it would query its database and copy the result even if the result is null, which can incur a head-based overflow. An attacker can use it to launch a DoS attack.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-06-28
CVE-2021-41690
DCMTK through 3.6.6 does not handle memory free properly. The malloced memory for storing all file information are recorded in a global variable LST and are not freed properly. Sending specific requests to the dcmqrdb program can incur a memory leak. An attacker can use it to launch a DoS attack.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-06-28
CVE-2022-2119
OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.
CVSS Score
7.5
EPSS Score
0.046
Published
2022-06-24
CVE-2022-2120
OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.
CVSS Score
7.5
EPSS Score
0.046
Published
2022-06-24


Products
Pricing
Contact Us

Shodan ® - All rights reserved