Every CVE whose affected-product data names Offis Dcmtk, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (24)
CVE-2019-1010228 — CVSS 9.8 (critical): OFFIS.de DCMTK 3.6.3 and below is affected by: Buffer Overflow. The impact is: Possible code execution and confirmed Denial of Service. The…
CVE-2024-52333 — CVSS 8.4 (high): An improper array index validation vulnerability exists in the determineMinMax functionality of OFFIS DCMTK 3.6.8. A specially crafted…
CVE-2024-47796 — CVSS 8.4 (high): An improper array index validation vulnerability exists in the nowindow functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file…
CVE-2024-27628 — CVSS 8.1 (high): Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an attacker to execute arbitrary code via the EctEnhancedCT method component.
CVE-2021-41689 — CVSS 7.5 (high): DCMTK through 3.6.6 does not handle string copy properly. Sending specific requests to the dcmqrdb program, it would query its database and…
CVE-2021-41690 — CVSS 7.5 (high): DCMTK through 3.6.6 does not handle memory free properly. The malloced memory for storing all file information are recorded in a global…
CVE-2022-2119 — CVSS 7.5 (high): OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path traversal, allowing an attacker to write…
CVE-2022-2120 — CVSS 7.5 (high): OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to…
CVE-2022-2121 — CVSS 7.5 (high): OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer dereference vulnerability while processing DICOM files, which may result in…
CVE-2024-28130 — CVSS 7.5 (high): An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK 3.6.8. A…
CVE-2025-25475 — CVSS 7.5 (high): A NULL pointer dereference in the component /libsrc/dcrleccd.cc of DCMTK v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS)…
CVE-2021-41687 — CVSS 7.5 (high): DCMTK through 3.6.6 does not handle memory free properly. The program malloc a heap memory for parsing data, but does not free it when…
CVE-2021-41688 — CVSS 7.5 (high): DCMTK through 3.6.6 does not handle memory free properly. The object in the program is free but its address is still used in other…
CVE-2026-5663 — CVSS 7.3 (high): A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnReception/executeOnEndOfStudy of the…
CVE-2013-6825 — CVSS 7.2 (high): (1) movescu.cc and (2) storescp.cc in dcmnet/apps/, (3) dcmnet/libsrc/scp.cc, (4) dcmwlm/libsrc/wlmactmg.cc, (5) dcmprscp.cc and (6)…
CVE-2025-25474 — CVSS 6.5 (medium): DCMTK v3.6.9+ DEV was discovered to contain a buffer overflow via the component /dcmimgle/diinpxt.h.
CVE-2025-2357 — CVSS 6.3 (medium): A vulnerability was found in DCMTK 3.6.9. It has been declared as critical. This vulnerability affects unknown code of the component…
CVE-2025-25472 — CVSS 5.3 (medium): A buffer overflow in DCMTK git master v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DCM file.
CVE-2020-36855 — CVSS 5.3 (medium): A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp…
CVE-2025-9732 — CVSS 5.3 (medium): A vulnerability was identified in DCMTK up to 3.6.9. This affects an unknown function in the library dcmimage/include/dcmtk/dcmimage/diybrpx…
CVE-2022-4981 — CVSS 3.3 (low): A vulnerability was detected in DCMTK up to 3.6.7. The impacted element is the function DcmQueryRetrieveConfig::readPeerList of the file…