Heap-Based Buffer Overflow in OFFIS DCMTK Affects DcmQueryRetrieveIndexDatabaseHandle
CVE-2026-10194

5.3 MEDIUM

Key Information:

Vendor: Offis

Status
Vendor
CVE Published: 31 May 2026

What is CVE-2026-10194?

A vulnerability in OFFIS DCMTK version 3.7.0 affects the DcmQueryRetrieveIndexDatabaseHandle component. Manipulation of the deleteOldestImages function in the file dcmqrdb/libsrc/dcmqrdbi.cc leads to a heap-based buffer overflow, and the weakness may be exploited remotely. A patch has been provided to address this issue; applying it is crucial for maintaining the security and integrity of systems that use this software.

Affected Version(s)

DCMTK 3.7.0

CVSS V4

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

elp3pinill0
dapickle (VulDB User)