A vulnerability was identified in DCMTK up to 3.6.9. This affects an unknown function in the library dcmimage/include/dcmtk/dcmimage/diybrpxt.h of the component dcm2img. Such manipulation leads to memory corruption. Local access is required to approach this attack. The name of the patch is 7ad81d69b. It is best practice to apply a patch to resolve this issue.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-08-31
An improper array index validation vulnerability exists in the determineMinMax functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.
CVSS Score
8.4
EPSS Score
0.001
Published
2025-01-13
An improper array index validation vulnerability exists in the nowindow functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.
CVSS Score
8.4
EPSS Score
0.001
Published
2025-01-13
Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an attacker to execute arbitrary code via the EctEnhancedCT method component.
CVSS Score
8.1
EPSS Score
0.008
Published
2024-06-28
dcmnet in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-05-05
dcmdata in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-05-05
An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-04-23