Search CVE reports


1 – 10 of 34 results


CVE-2026-52868

Medium priority
Needs evaluation

An unauthenticated attacker can read worklist records from a directory outside the intended per-AE worklist storage area. In a multi-area deployment, this can cross departmental or clinic data separation.

1 affected package

dcmtk

Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS
dcmtk | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation

CVE-2026-50254

Medium priority
Needs evaluation

An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory. Against storescp in its default single-process mode, memory grows quickly and the service is eventually killed, after which...

1 affected package

dcmtk

Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS
dcmtk | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation

CVE-2026-50003

Medium priority
Needs evaluation

A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative (../) paths and absolute paths.

1 affected package

dcmtk

Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS
dcmtk | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation

CVE-2026-35505

Medium priority
Needs evaluation

An unauthenticated remote attacker can repeatedly send crafted connection requests to leak memory. In single-process deployments the memory grows until the service is killed and the port stops responding until restart.

1 affected package

dcmtk

Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS
dcmtk | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation

CVE-2026-44628

Medium priority
Needs evaluation

An unauthenticated attacker can crash the worklist server with a single crafted query when the server has a valid Called AE Title / storage directory, the expected lockfile, and at least one matching worklist record.

1 affected package

dcmtk

Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS
dcmtk | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation

CVE-2026-12805

Medium priority
Needs evaluation

A flaw has been found in OFFIS DCMTK up to 3.7.0. The affected element is the function XMLNode::parseFile in the library ofstd/libsrc/ofxml.cc. Executing a manipulation can lead to heap-based buffer overflow. The attack may be...

1 affected package

dcmtk

Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS
dcmtk | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation

CVE-2026-10194

Medium priority
Needs evaluation

A weakness has been identified in OFFIS DCMTK 3.7.0. This affects the function DcmQueryRetrieveIndexDatabaseHandle::deleteOldestImages of the file dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. Executing a manipulation can...

1 affected package

dcmtk

Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS
dcmtk | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation

CVE-2026-5663

Medium priority
Needs evaluation

A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnReception/executeOnEndOfStudy of the file dcmnet/apps/storescp.cc of the component storescp. Performing a manipulation results in...

1 affected package

dcmtk

Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS
dcmtk | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation

CVE-2025-14841

Medium priority
Needs evaluation

A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted element is the function DcmQueryRetrieveIndexDatabaseHandle::startFindRequest/DcmQueryRetrieveIndexDatabaseHandle::startMoveRequest in the library...

1 affected package

dcmtk

Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS
dcmtk | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation

CVE-2025-14607

Medium priority
Needs evaluation

A vulnerability was detected in OFFIS DCMTK up to 3.6.9. Affected by this issue is the function DcmByteString::makeDicomByteString of the file dcmdata/libsrc/dcbytstr.cc of the component dcmdata. The manipulation results in memory...

1 affected package

dcmtk

Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS
dcmtk | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation