Buffer Overflow Vulnerability in DCMTK by Offis
CVE-2025-25472

5.3MEDIUM

Key Information:

Vendor

Offis

Status
DCMTK
Vendor
CVE Published:
18 February 2025

What is CVE-2025-25472?

A buffer overflow vulnerability has been identified in DCMTK, specifically affecting versions from git master v3.6.9 and onward. Attackers can exploit this flaw by delivering a specially crafted DCM file, potentially leading to a Denial of Service (DoS) condition. It is crucial for users of DCMTK to address this vulnerability promptly to ensure system stability and security.

References

https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=410ffe2019b...

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.