Michael Onken

5 exploits Active since Jun 2022
CVE-2021-41687 WRITEUP HIGH WRITEUP
DCMTK < 3.6.6 - Denial of Service via Memory Leak in dcmqrdb
DCMTK through 3.6.6 does not handle memory free properly. The program malloc a heap memory for parsing data, but does not free it when error in parsing. Sending specific requests to the dcmqrdb program incur the memory leak. An attacker can use it to launch a DoS attack.
CVSS 7.5
CVE-2021-41688 WRITEUP HIGH WRITEUP
DCMTK < 3.6.6 - Double Free in dcmqrdb
DCMTK through 3.6.6 does not handle memory free properly. The object in the program is free but its address is still used in other locations. Sending specific requests to the dcmqrdb program will incur a double free. An attacker can use it to launch a DoS attack.
CVSS 7.5
CVE-2021-41689 WRITEUP HIGH WRITEUP
DCMTK <= 3.6.6 - Denial of Service via Null String Copy in dcmqrdb
DCMTK through 3.6.6 does not handle string copy properly. Sending specific requests to the dcmqrdb program, it would query its database and copy the result even if the result is null, which can incur a head-based overflow. An attacker can use it to launch a DoS attack.
CVSS 7.5
CVE-2021-41690 WRITEUP HIGH WRITEUP
DCMTK < 3.6.6 - Denial of Service via Memory Leak in dcmqrdb
DCMTK through 3.6.6 does not handle memory free properly. The malloced memory for storing all file information are recorded in a global variable LST and are not freed properly. Sending specific requests to the dcmqrdb program can incur a memory leak. An attacker can use it to launch a DoS attack.
CVSS 7.5
CVE-2024-27628 WRITEUP HIGH WRITEUP
DCMTK 3.6.8 - Buffer Overflow in EctEnhancedCT Method
Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an attacker to execute arbitrary code via the EctEnhancedCT method component.
CVSS 8.1