CVE-2019-1010228
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
OFFIS.de DCMTK 3.6.3 and below is affected by: Buffer Overflow. The impact is: Possible code execution and confirmed Denial of Service. The component is: DcmRLEDecoder::decompress() (file dcrledec.h, line 122). The attack vector is: Many scenarios of DICOM file processing (e.g. DICOM to image conversion). The fixed version is: 3.6.4, after commit 40917614e.
DCMTK versión 3.6.3 e inferiores de OFFIS.de, está afectado por: Desbordamiento de Búfer. El impacto es: posible ejecución de código y Denegación de Servicio confirmada. El componente es: la función DcmRLEDecoder::decompress() (el archivo dcrledec.h, línea 122). El vector de ataque es: muchos escenarios de procesamiento de archivos DICOM (por ejemplo, DICOM para la conversión de imágenes). La versión corregida es: 3.6.4, después de commit 40917614e.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-03-20 CVE Reserved
- 2019-07-22 CVE Published
- 2024-07-15 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (3)
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Offis Search vendor "Offis" | Dcmtk Search vendor "Offis" for product "Dcmtk" | <= 3.6.3 Search vendor "Offis" for product "Dcmtk" and version " <= 3.6.3" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 29 Search vendor "Fedoraproject" for product "Fedora" and version "29" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 30 Search vendor "Fedoraproject" for product "Fedora" and version "30" | - |
Affected
|