CNNVD-202508-3709 Information

CNNVD ID

CNNVD-202508-3709

Related CVE

CVE-2025-9732

• CNNVD Published: 2025-08-31

Description (Chinese)

DCMTK是DCMTK开源的一个实现大部分 DICOM 标准的库和应用程序的集合。用于检查、构建和转换 DICOM 图像文件、处理离线媒体、通过网络连接发送和接收图像的软件，以及演示图像存储和工作列表服务器。 DCMTK 3.6.9及之前版本存在缓冲区错误漏洞，该漏洞源于组件dcm2img的库dcmimage/include/dcmtk/dcmimage/diybrpxt.h存在内存损坏。

Description (English)

DCMTK is a collection of libraries and applications that achieve most of the DICOM standards in DCMTK. Software for checking, constructing and converting DICOM image files, processing offline media, sending and receiving images via network connections, and displaying image storage and worklist servers. The CMTTK 3.6.9 and previous versions had an error loophole in the buffer zone, resulting from memory damage to the building block dcmmimage/include/dcmtk/dcmmage/diybrpxt.h of component dcm2img.

Hazard Level

High

Vulnerability Type

缓冲区错误

Affected Vendor

DCMTK

Published

2025-08-31

Last Modified

2026-02-24

References

https://vuldb.com/?submit.639772 https://vuldb.com/?id.322023 https://vuldb.com/?ctiid.322023 https://github.com/DCMTK/dcmtk/commit/7ad81d69b https://vigilance.fr/vulnerability/DCMTK-memory-corruption-via-dcm2img-48135 https://nvd.nist.gov/vuln/detail/CVE-2025-9732

Patch

https://github.com/DCMTK/dcmtk/releases