CVE-2025-9732

Summary

A vulnerability was identified in DCMTK up to 3.6.9. This affects an unknown function in the library dcmimage/include/dcmtk/dcmimage/diybrpxt.h of the component dcm2img. Such manipulation leads to memory corruption. Local access is required to approach this attack. The name of the patch is 7ad81d69b. It is best practice to apply a patch to resolve this issue.

Affected Software

VendorProductVersion RangeStatus
n/aDCMTK3.6.0affected
n/aDCMTK3.6.1affected
n/aDCMTK3.6.2affected
n/aDCMTK3.6.3affected
n/aDCMTK3.6.4affected
n/aDCMTK3.6.5affected
n/aDCMTK3.6.6affected
n/aDCMTK3.6.7affected
n/aDCMTK3.6.8affected
n/aDCMTK3.6.9affected

Weaknesses

  • CWE-119: Memory Corruption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References