Shodan
Vulnerabilities
Vulnerable Software
Offis:  >> Dcmtk  >> 3.6.8  Security Vulnerabilities
CVE-2026-5663
A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnReception/executeOnEndOfStudy of the file dcmnet/apps/storescp.cc of the component storescp. Performing a manipulation results in os command injection. Remote exploitation of the attack is possible. The patch is named edbb085e45788dccaf0e64d71534cfca925784b8. Applying a patch is the recommended action to fix this issue.
CVSS Score
6.9
EPSS Score
0.004
Published
2026-04-06
CVE-2025-9732
A vulnerability was identified in DCMTK up to 3.6.9. This affects an unknown function in the library dcmimage/include/dcmtk/dcmimage/diybrpxt.h of the component dcm2img. Such manipulation leads to memory corruption. Local access is required to approach this attack. The name of the patch is 7ad81d69b. It is best practice to apply a patch to resolve this issue.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-08-31
CVE-2024-52333
An improper array index validation vulnerability exists in the determineMinMax functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.
CVSS Score
8.4
EPSS Score
0.001
Published
2025-01-13
CVE-2024-47796
An improper array index validation vulnerability exists in the nowindow functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.
CVSS Score
8.4
EPSS Score
0.001
Published
2025-01-13
CVE-2024-27628
Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an attacker to execute arbitrary code via the EctEnhancedCT method component.
CVSS Score
8.1
EPSS Score
0.016
Published
2024-06-28
CVE-2024-34508
dcmnet in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-05-05
CVE-2024-34509
dcmdata in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-05-05
CVE-2024-28130
An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-04-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved