Marco Eichelberg

6 exploits, active since May 2024
CVE-2026-5663 WRITEUP HIGH
OFFIS DCMTK storescp storescp.cc executeOnEndOfStudy OS command injection
A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnReception/executeOnEndOfStudy of the file dcmnet/apps/storescp.cc of the component storescp. Performing a manipulation results in OS command injection. Remote exploitation of the attack is possible. The patch is named edbb085e45788dccaf0e64d71534cfca925784b8. Applying a patch is the recommended action to fix this issue.
CVSS 7.3
CVE-2024-34508 WRITEUP MEDIUM
DCMTK <3.6.9 - Buffer Overflow
dcmnet in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.
CVSS 4.3
CVE-2024-34509 WRITEUP MEDIUM
DCMTK <3.6.9 - Buffer Overflow
dcmdata in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.
CVSS 5.3
CVE-2025-14607 WRITEUP MEDIUM
OFFIS DCMTK <3.6.9 - Memory Corruption
A vulnerability was detected in OFFIS DCMTK up to 3.6.9. Affected by this issue is the function DcmByteString::makeDicomByteString of the file dcmdata/libsrc/dcbytstr.cc of the component dcmdata. The manipulation results in memory corruption. The attack can be launched remotely. Upgrading to version 3.7.0 can resolve this issue. The patch is identified as 4c0e5c10079392c594d6a7abd95dd78ac0aa556a. You should upgrade the affected component.
CVSS 6.3
CVE-2025-14841 WRITEUP LOW
OFFIS DCMTK <3.6.9 - Null Pointer Dereference
A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted element is the function DcmQueryRetrieveIndexDatabaseHandle::startFindRequest/DcmQueryRetrieveIndexDatabaseHandle::startMoveRequest in the library dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. This manipulation causes null pointer dereference. The attack requires local access. Upgrading to version 3.7.0 is sufficient to resolve this issue. Patch name: ffb1a4a37d2c876e3feeb31df4930f2aed7fa030. You should upgrade the affected component.
CVSS 3.3
CVE-2025-25475 WRITEUP HIGH
OFFIS DCMTK - NULL Pointer Dereference
A NULL pointer dereference in the component /libsrc/dcrleccd.cc of DCMTK v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DICOM file.
CVSS 7.5