
DCMTK EUVD-2026-40421

CVE-2026-50254 · HIGH
Memory Leak (CWE-401)
2026-06-30 · icscert · GHSA-69cc-m82h-x8rm
Score: 8.7 (CVSS 4.0) · Vendor: icscert

Severity by source

Vendor (icscert), primary: 8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

vuln.today AI: 7.5 HIGH

Remote, unauthenticated, low-complexity connection request with no user interaction yields a memory-leak DoS, so AV:N/AC:L/PR:N/UI:N with availability-only impact A:H and C:N/I:N.

CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 4.0: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (icscert).

CVSS Vector (Vendor: icscert)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X (not defined)

Lifecycle Timeline

1. Analysis Generated: Jun 30, 2026 - 22:03 (vuln.today)

Description (CVE.org)

An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory. Against storescp in its default single-process mode, memory grows quickly and the service is eventually killed, after which it stops accepting connections until an operator restarts it.

Analysis (AI)

Denial of service in OFFIS DCMTK's storescp DICOM receiver allows an unauthenticated remote attacker to exhaust process memory by repeatedly sending a single crafted connection request (CWE-401 memory leak), eventually crashing the service so it stops accepting connections until an operator manually restarts it. In the default single-process deployment mode the leak accumulates per connection and brings the listener down quickly. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Reach storescp listening port over network
Delivery: Send crafted DICOM connection request
Exploit: Trigger per-connection memory leak (CWE-401)
Execution: Repeat to exhaust process memory
Persist: Service OOM-killed, stops accepting connections
Impact: Imaging ingestion denied until manual restart

Vulnerability Assessment (AI)

Exploitation: Exploitation requires that the target run DCMTK's storescp in its default single-process mode, where leaked memory accumulates in the long-lived listener until the service is OOM-killed; the attacker only needs network reachability to the storescp listening port and sends a single crafted connection request repeatedly. … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: Signals are internally consistent and point to a genuine but availability-only risk. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.

Exploit Scenario: An attacker with network access to a hospital's DICOM ingestion VLAN repeatedly opens crafted associations to the storescp port; with no authentication required and low complexity, each request leaks memory until the single-process receiver is OOM-killed and stops accepting studies. Imaging modalities can no longer push images to the receiver until an operator restarts it, disrupting clinical workflow. …

Remediation: Upgrade DCMTK to the fixed release published by OFFIS on the project's GitHub releases page (https://github.com/DCMTK/dcmtk/releases/tag/latest). The reference points to a 'latest' release tag rather than a pinned version number, so while a patch is available per the vendor advisory, the exact patched version is not independently confirmed from the provided data; confirm it against CISA ICSMA-26-181-01 before deploying. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended Action (AI)

Within 24 hours: identify and inventory all DCMTK storescp deployments; isolate to network segments with restricted access; enable connection-rate limiting at ingress points. …
