CNNVD-202512-2516 Information

Dec 13, 2025 cve

CNNVD ID

CNNVD-202512-2516

CVE-2025-14607

CNNVD Published: 2025-12-13

Description (Chinese)

OFFIS DCMTK是德国OFFIS公司的一个实现大部分 DICOM 标准的库和应用程序的集合。用于检查、构建和转换 DICOM 图像文件、处理离线媒体、通过网络连接发送和接收图像的软件，以及演示图像存储和工作列表服务器。 OFFIS DCMTK 3.6.9及之前版本存在缓冲区错误漏洞，该漏洞源于dcmdata组件中dcbytstr.cc文件的DcmByteString::makeDicomByteString函数存在内存损坏问题，可能导致远程攻击。

Description (English)

OFFIS DCMTK is a collection of libraries and applications that achieve most of the DICOM standards by OFFIS, Germany. Software for checking, constructing and converting DICOM image files, processing offline media, sending and receiving images via network connections, and displaying image storage and worklist servers. The OFFIS DCMTK 3.6.9 and previous versions contained a buffer zone error loophole, which originated from the Dcm ByteString: MakeDicomByString function of dcbytstr.cc in dcmdata component, and could lead to a remote attack.

Hazard Level

High

Vulnerability Type

缓冲区错误

Affected Vendor

OFFIS

Published

2025-12-13

Last Modified

2026-02-24

References

https://github.com/DCMTK/dcmtk/commit/4c0e5c10079392c594d6a7abd95dd78ac0aa556a https://support.dcmtk.org/redmine/issues/1184 https://support.dcmtk.org/redmine/projects/dcmtk/activity?from=2025-12-02 https://support.dcmtk.org/redmine/versions/19 https://vuldb.com/?ctiid.336283 https://vuldb.com/?id.336283 https://vuldb.com/?submit.705036

Share on: