CVE-2022-4981

Medium CVSS: 4.8

A vulnerability was detected in DCMTK up to 3.6.7. The impacted element is the function DcmQueryRetrieveConfig::readPeerList of the file /dcmqrcnf.cc of the component dcmqrscp. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit is now public and may be used. Upgrading to version 3.6.8 is sufficient to resolve this issue. The patch is identified as 957fb31e5. Upgrading the affected component is advised.

Vendor

Offis

Product

Dcmtk

CWE

CWE-404

Yayın Tarihi

2025-10-21 15:15:37

Güncelleme

2025-10-31 14:55:59

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-404 Dcmtk MEDIUM Offis 2025

Referanslar

https://shimo.im/docs/e1Azd4dDQXUgOGqW/ https://support.dcmtk.org/redmine/issues/1026 https://vuldb.com/?ctiid.329029 https://vuldb.com/?id.329029 https://vuldb.com/?submit.673134 https://shimo.im/docs/e1Azd4dDQXUgOGqW/read

Benzer Kayıtlar

Medium

CVE-2020-36855

A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the…

Medium

CVE-2025-9732

A vulnerability was identified in DCMTK up to 3.6.9. This affects an unknown function in the library dcmimage/include/dc…

Medium

CVE-2025-2357

A vulnerability was found in DCMTK 3.6.9. It has been declared as critical. This vulnerability affects unknown code of t…

Medium

CVE-2025-25472

A buffer overflow in DCMTK git master v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DCM…

Medium

CVE-2025-25474

DCMTK v3.6.9+ DEV was discovered to contain a buffer overflow via the component /dcmimgle/diinpxt.h.

High

CVE-2025-25475

A NULL pointer dereference in the component /libsrc/dcrleccd.cc of DCMTK v3.6.9+ DEV allows attackers to cause a Denial…