Dcmtk Toolkit
Path traversal in OFFIS DCMTK (DICOM Toolkit) lets a malicious or compromised DICOM server write attacker-controlled files to arbitrary locations on a DCMTK client host whenever that client retrieves objects using bit-preserving C-GET storage mode. Because the client trusts server-supplied storage paths, both relative (../) and absolute paths escape the chosen output directory, enabling overwrite of client-side files and potential code execution. Reported via CISA ICS-CERT (medical advisory ICSMA-26-181-01); no public exploit identified at time of analysis and it is not listed in CISA KEV.
Denial of service in OFFIS DCMTK's storescp DICOM receiver allows an unauthenticated remote attacker to exhaust process memory by repeatedly sending a crafted connection request (CWE-401 memory leak), eventually crashing the service so it stops accepting connections until an operator manually restarts it. In the default single-process deployment mode the leak accumulates per connection and brings the listener down quickly. CVSS 4.0 scores this 8.7 (High), driven entirely by availability impact; no public exploit identified at time of analysis and it is not listed in CISA KEV.
Denial of service in OFFIS DCMTK DICOM toolkit allows an unauthenticated remote attacker to exhaust memory by repeatedly sending crafted connection requests, each of which leaks unfreed memory. In single-process deployments the leaked memory accumulates until the service process is killed by the OS and the listening port stops responding until a manual restart. No public exploit identified at time of analysis; CVSS 4.0 base score is 8.7 (availability-only impact), reported through CISA ICS-CERT medical advisory ICSMA-26-181-01.
Path traversal in OFFIS DCMTK DICOM toolkit lets an unauthenticated network attacker read DICOM Modality Worklist records stored outside the intended per-Application-Entity (AE) directory. In multi-area or multi-tenant deployments this breaks departmental and clinic-level data separation, exposing patient scheduling and demographic data across boundaries; the issue was disclosed through CISA's ICS Medical advisory ICSMA-26-181-01 with no public exploit identified at time of analysis.
Denial of service in OFFIS DCMTK's DICOM worklist server (wlmscpfs) allows a remote, unauthenticated attacker to crash the service with a single crafted DICOM query when the server is provisioned with a valid Called AE Title, a storage directory, the expected lockfile, and at least one matching worklist record. The flaw stems from a type-confusion condition (CWE-843) and carries a CVSS 4.0 base score of 8.7 driven entirely by high availability impact (VA:H). There is no public exploit identified at time of analysis, and it is not listed in CISA KEV, though it was reported through the ICS-CERT/ICSMA medical-advisory channel.