CVE-2025-14607

Summary

A vulnerability was detected in OFFIS DCMTK up to 3.6.9. Affected by this issue is the function DcmByteString::makeDicomByteString of the file dcmdata/libsrc/dcbytstr.cc of the component dcmdata. The manipulation results in memory corruption. The attack can be launched remotely. Upgrading to version 3.7.0 can resolve this issue. The patch is identified as 4c0e5c10079392c594d6a7abd95dd78ac0aa556a. You should upgrade the affected component.

Affected Software

VendorProductVersion RangeStatus
OFFISDCMTK3.6.0affected
OFFISDCMTK3.6.1affected
OFFISDCMTK3.6.2affected
OFFISDCMTK3.6.3affected
OFFISDCMTK3.6.4affected
OFFISDCMTK3.6.5affected
OFFISDCMTK3.6.6affected
OFFISDCMTK3.6.7affected
OFFISDCMTK3.6.8affected
OFFISDCMTK3.6.9affected
OFFISDCMTK3.7.0unaffected

Weaknesses

  • CWE-119: Memory Corruption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References