Home

Description

A vulnerability was detected in OFFIS DCMTK up to 3.6.9. Affected by this issue is the function DcmByteString::makeDicomByteString of the file dcmdata/libsrc/dcbytstr.cc of the component dcmdata. The manipulation results in memory corruption. The attack can be launched remotely. Upgrading to version 3.7.0 can resolve this issue. The patch is identified as 4c0e5c10079392c594d6a7abd95dd78ac0aa556a. You should upgrade the affected component.

PUBLISHED Reserved 2025-12-12 | Published 2025-12-13 | Updated 2025-12-15 | Assigner VulDB




MEDIUM: 5.3CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X
MEDIUM: 6.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C
MEDIUM: 6.3CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C
6.5AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C

Problem types

Memory Corruption

Product status

3.6.0
affected

3.6.1
affected

3.6.2
affected

3.6.3
affected

3.6.4
affected

3.6.5
affected

3.6.6
affected

3.6.7
affected

3.6.8
affected

3.6.9
affected

3.7.0
unaffected

Timeline

2025-12-12:Advisory disclosed
2025-12-12:VulDB entry created
2025-12-12:VulDB entry last update

Credits

KendrickZou (VulDB User) reporter

References

vuldb.com/?id.336283 (VDB-336283 | OFFIS DCMTK dcmdata dcbytstr.cc makeDicomByteString memory corruption) vdb-entry technical-description

vuldb.com/?ctiid.336283 (VDB-336283 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.705036 (Submit #705036 | OFFIS DCMTK 3.6.9 Buffer Overflow) third-party-advisory

support.dcmtk.org/redmine/issues/1184 issue-tracking

support.dcmtk.org/...projects/dcmtk/activity?from=2025-12-02 related

github.com/...ommit/4c0e5c10079392c594d6a7abd95dd78ac0aa556a patch

support.dcmtk.org/redmine/versions/19 patch

cve.org (CVE-2025-14607)

nvd.nist.gov (CVE-2025-14607)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.