CNNVD-202510-2756 Information

CNNVD ID

CNNVD-202510-2756

Related CVE

CVE-2020-36855

• CNNVD Published: 2025-10-21

Description (Chinese)

DCMTK是DCMTK开源的一个实现大部分 DICOM 标准的库和应用程序的集合。用于检查、构建和转换 DICOM 图像文件、处理离线媒体、通过网络连接发送和接收图像的软件，以及演示图像存储和工作列表服务器。 DCMTK 3.6.5及之前版本存在安全漏洞，该漏洞源于对组件dcmqrscp中函数parseQuota的参数StorageQuota的错误操作，可能导致栈缓冲区溢出。

Description (English)

DCMTK is a collection of libraries and applications that achieve most of the DICOM standards in DCMTK. Software for checking, constructing and converting DICOM image files, processing offline media, sending and receiving images via network connections, and displaying image storage and worklist servers. There is a security loophole in DCMTK 3.6.5 and earlier versions, which stems from an error in the StorageQouta parameter for the function ParseQuota in component dcmqrscp, which could lead to a spill out of the silo buffer zone.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

DCMTK

Published

2025-10-21

Last Modified

2026-02-24

References

https://vuldb.com/?id.329028 https://shimo.im/docs/rp3OMVMDPKtjn0km/ https://vuldb.com/?ctiid.329028 https://shimo.im/docs/rp3OMVMDPKtjn0km/read https://vuldb.com/?submit.673137 https://vigilance.fr/vulnerability/DCMTK-buffer-overflow-via-parseQuota-48652