Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:USN-7010-1
HistorySep 17, 2024 - 5:18 a.m.

dcmtk vulnerabilities

2024-09-1705:18:27
Google
osv.dev
2
dcmtk
vulnerability
denial of service
code execution
ubuntu 20.04 lts
memory handling

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.5

Confidence

Low

JSON

Jinsheng Ba discovered that DCMTK incorrectly handled certain requests. If
a user or an automated system were tricked into opening a certain specially
crafted input file, a remote attacker could possibly use this issue to
cause a denial of service. This issue only affected Ubuntu 20.04 LTS.
(CVE-2021-41687, CVE-2021-41688, CVE-2021-41689, CVE-2021-41690)

Sharon Brizinov and Noam Moshe discovered that DCMTK incorrectly handled
pointers. If a user or an automated system were tricked into opening a
certain specially crafted input file, a remote attacker could possibly use
this issue to cause a denial of service. This issue only affected
Ubuntu 20.04 LTS. (CVE-2022-2121)

It was discovered that DCMTK incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a certain specially
crafted input file, a remote attacker could possibly use this issue to
cause a denial of service. This issue only affected Ubuntu 20.04 LTS.
(CVE-2022-43272)

It was discovered that DCMTK incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a certain specially
crafted input file, a remote attacker could possibly use this issue to
execute arbitrary code. This issue was only addressed in Ubuntu 20.04 LTS
and Ubuntu 22.04 LTS. (CVE-2024-28130)

It was discovered that DCMTK incorrectly handled memory when processing an
invalid incoming DIMSE message. An attacker could possibly use this issue
to cause a denial of service. (CVE-2024-34508, CVE-2024-34509)

Related

nessus 10
openvas 11
mageia 2
osv 10
redos 1
ubuntu 1
gitlab 6
cnvd 4
veracode 6
cvelist 9
prion 6
debiancve 9
vulnrichment 8
cve 9
ubuntucve 9
nvd 9
talos 1
fedora 3
ics 1
talosblog 1
nessus
nessus
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : DCMTK vulnerabilities (USN-7010-1)
2024-09-17 00:00:00
Debian dla-3847 : dcmtk - security update
2024-06-28 00:00:00
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM : DCMTK vulnerabilities (USN-5882-1)
2023-02-22 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-3847-1)
2024-07-01 00:00:00
Mageia: Security Advisory (MGASA-2024-0251)
2024-07-04 00:00:00
Ubuntu: Security Advisory (USN-7010-1)
2024-09-18 00:00:00
mageia
mageia
Updated dcmtk packages fix security vulnerabilities
2024-07-03 19:36:28
Updated dcmtk packages fix security vulnerability
2023-03-11 22:00:39
osv
osv
dcmtk - security update
2024-06-28 00:00:00
dcmtk vulnerabilities
2023-02-22 18:23:35
CVE-2021-41689
2022-06-28 13:15:10
redos
redos
ROS-20210716-02
2021-07-16 00:00:00
ubuntu
ubuntu
DCMTK vulnerabilities
2023-02-22 00:00:00
gitlab
gitlab
NULL Pointer Dereference
2022-06-28 00:00:00
Missing Release of Memory after Effective Lifetime
2022-06-28 00:00:00
Missing Release of Memory after Effective Lifetime
2022-12-02 00:00:00
cnvd
cnvd
DCMTK Heap Buffer Overflow Vulnerability (CNVD-2022-60669)
2022-06-30 00:00:00
DCMTK double release vulnerability
2022-06-30 00:00:00
DCMTK Denial of Service Vulnerability
2022-06-30 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-06-29 06:50:32
Denial Of Service (DoS)
2022-06-29 06:51:05
Denial Of Service (DoS)
2022-06-29 14:31:51
cvelist
cvelist
CVE-2022-43272
2022-12-02 00:00:00
CVE-2021-41690
2022-06-28 09:41:00
CVE-2024-28130
2024-04-23 14:46:43
prion
prion
Double free
2022-06-28 13:15:00
Double free
2022-06-28 13:15:00
Double free
2022-06-28 13:15:00
debiancve
debiancve
CVE-2021-41688
2022-06-28 13:15:10
CVE-2024-28130
2024-04-23 15:15:49
CVE-2024-34509
2024-05-05 20:15:07
vulnrichment
vulnrichment
CVE-2024-28130
2024-04-23 14:46:43
CVE-2021-41690
2022-06-28 09:41:00
CVE-2024-34509
2024-05-05 00:00:00
cve
cve
CVE-2021-41689
2022-06-28 13:15:10
CVE-2024-28130
2024-04-23 15:15:49
CVE-2024-34508
2024-05-05 20:15:07
ubuntucve
ubuntucve
CVE-2021-41689
2022-06-28 00:00:00
CVE-2021-41690
2022-06-28 00:00:00
CVE-2024-28130
2024-09-03 00:00:00
nvd
nvd
CVE-2021-41690
2022-06-28 13:15:10
CVE-2024-28130
2024-04-23 15:15:49
CVE-2021-41688
2022-06-28 13:15:10
talos
talos
OFFIS DCMTK DVPSSoftcopyVOI_PList::createFromImage incorrect type conversion vulnerability
2024-04-23 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: dcmtk-3.6.7-3.fc38
2023-03-11 03:55:09
[SECURITY] Fedora 37 Update: dcmtk-3.6.7-3.fc37
2023-03-11 04:28:19
[SECURITY] Fedora 36 Update: dcmtk-3.6.7-3.fc36
2023-03-11 04:03:25
ics
ics
OFFIS DCMTK
2022-06-23 12:00:00
talosblog
talosblog
Vulnerabilities in employee management system could lead to remote code execution, login credential theft
2024-05-01 16:00:12

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.5

Confidence

Low

JSON
Related for OSV:USN-7010-1
nessus10openvas11mageia2osv10redos1ubuntu1gitlab6cnvd4veracode6cvelist9prion6debiancve9vulnrichment8cve9ubuntucve9nvd9talos1fedora3ics1talosblog1