CNNVD-202510-2755 Information

Oct 21, 2025 cve

CNNVD ID

CNNVD-202510-2755

CVE-2022-4981

CNNVD Published: 2025-10-21

Description (Chinese)

DCMTK是DCMTK开源的一个实现大部分 DICOM 标准的库和应用程序的集合。用于检查、构建和转换 DICOM 图像文件、处理离线媒体、通过网络连接发送和接收图像的软件，以及演示图像存储和工作列表服务器。 DCMTK 3.6.7及之前版本存在安全漏洞，该漏洞源于文件/dcmqrcnf.cc中DcmQueryRetrieveConfig::readPeerList函数存在空指针取消引用。

Description (English)

DCMTK is a collection of libraries and applications that achieve most of the DICOM standards in DCMTK. Software for checking, constructing and converting DICOM image files, processing offline media, sending and receiving images via network connections, and displaying image storage and worklist servers. There is a security loophole in DCMTK 3.6.7 and earlier versions, which stems from the empty pointer cancellation reference in the Dcm QueryRetrieveConfig::readPeerList function in file/dcmqrcnf.cc.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

DCMTK

Published

2025-10-21

Last Modified

2026-02-24

References

https://shimo.im/docs/e1Azd4dDQXUgOGqW/read https://vuldb.com/?submit.673134 https://vuldb.com/?ctiid.329029 https://support.dcmtk.org/redmine/issues/1026 https://vuldb.com/?id.329029 https://vigilance.fr/vulnerability/DCMTK-NULL-pointer-dereference-via-DcmQueryRetrieveConfig-readPeerList-48653

Share on: