CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2121 – OFFIS DCMTK NULL Pointer Dereference
https://notcve.org/view.php?id=CVE-2022-2121
OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-of-service condition. OFFIS DCMTK"s (Todas las versiones anteriores a 3.6.7) presenta una vulnerabilidad de desreferencia de puntero NULL mientras procesa archivos DICOM, que puede resultar en una condición de denegación de servicio • https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01 • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2120 – OFFIS DCMTK Path Traversal
https://notcve.org/view.php?id=CVE-2022-2120
OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution. El usuario de clase de servicio (SCU) de OFFIS DCMTK (todas las versiones anteriores a 3.6.7) es vulnerable a un salto de ruta relativo, lo que permite a un atacante escribir archivos DICOM en directorios arbitrarios bajo nombres controlados. Esto podría permitir una ejecución remota de código • https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2019-1010228
https://notcve.org/view.php?id=CVE-2019-1010228
OFFIS.de DCMTK 3.6.3 and below is affected by: Buffer Overflow. The impact is: Possible code execution and confirmed Denial of Service. The component is: DcmRLEDecoder::decompress() (file dcrledec.h, line 122). The attack vector is: Many scenarios of DICOM file processing (e.g. DICOM to image conversion). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NQOAULR72EYJQ4HS6YGLK2S6YNEXY2ET https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PBKP2O24CTYIANEJTP4TVEPYEVSYV2RX https://support.dcmtk.org/redmine/issues/858 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2015-8979 – DCMTK storescp DICOM storage (C-STORE) SCP Remote Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2015-8979
Stack-based buffer overflow in the parsePresentationContext function in storescp in DICOM dcmtk-3.6.0 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a long string sent to TCP port 4242. Desbordamiento de búfer basado en pila en la función parsePresentationContext en storescp en DICOM dcmtk-3.6.0 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (fallo de segmentación) a través de una cadena larga enviada al puerto TCP 4242. • http://packetstormsecurity.com/files/140191/DCMTK-storescp-DICOM-storage-C-STORE-SCP-Remote-Stack-Buffer-Overflow.html http://www.debian.org/security/2016/dsa-3749 http://www.openwall.com/lists/oss-security/2016/12/18/2 http://www.securityfocus.com/bid/94951 http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5384.php https://bugzilla.redhat.com/show_bug.cgi?id=1405919 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.2EPSS: 0%CPEs: 7EXPL: 1CVE-2013-6825
https://notcve.org/view.php?id=CVE-2013-6825
(1) movescu.cc and (2) storescp.cc in dcmnet/apps/, (3) dcmnet/libsrc/scp.cc, (4) dcmwlm/libsrc/wlmactmg.cc, (5) dcmprscp.cc and (6) dcmpsrcv.cc in dcmpstat/apps/, (7) dcmpstat/tests/msgserv.cc, and (8) dcmqrdb/apps/dcmqrscp.cc in DCMTK 3.6.1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by creating a large number of processes. (1) movescu.cc y (2) storescp.cc en dcmnet/apps/, (3) dcmnet/libsrc/scp.cc, (4) dcmwlm/libsrc/wlmactmg.cc, (5) dcmprscp.cc y (6) dcmpsrcv.cc en dcmpstat/apps/, (7) dcmpstat/tests/msgserv.cc y (8) dcmqrdb/apps/dcmqrscp.cc en DCMTK 3.6.1 y anteriores no comprueba el valor de retorno de la llamada de sistema setuid, lo que permite a usuarios locales ganar privilegios mediante la creación de un número grande de procesos. • http://git.dcmtk.org/web?p=dcmtk.git%3Ba=blob%3Bf=CHANGES.361 http://packetstormsecurity.com/files/126883/DCMTK-Privilege-Escalation.html http://seclists.org/fulldisclosure/2014/Jun/11 http://secunia.com/advisories/58916 http://www.securityfocus.com/archive/1/532261/100/0/threaded http://www.securityfocus.com/bid/67784 • CWE-264: Permissions, Privileges, and Access Controls •