Memory Management Issue in DCMTK by Offis
CVE-2021-41688

7.5HIGH

Key Information:

Vendor: Offis
Status: Dcmtk
Vendor: CVE Published:; 28 June 2022

What is CVE-2021-41688?

DCMTK versions up to 3.6.6 exhibit improper memory handling, where an object can be freed while its address is still referenced by other parts of the application. This flaw can be exploited by sending specifically crafted requests to the dcmqrdb program, potentially resulting in a double free scenario. An attacker could leverage this weakness to cause denial of service, interrupting the functionality of the service dependent on DCMTK.

References

https://github.com/DCMTK/dcmtk

https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412...

https://lists.debian.org/debian-lts-announce/2024/06/msg0...

mailing-list

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 28, 2022
Vulnerability Reserved
Sep 27, 2021