Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-2357

Опубликовано: 17 мар. 2025
Источник: redhat
CVSS3: 6.3
EPSS Низкий

Описание

A vulnerability was found in DCMTK 3.6.9. It has been declared as critical. This vulnerability affects unknown code of the component dcmjpls JPEG-LS Decoder. The manipulation leads to memory corruption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 3239a7915. It is recommended to apply a patch to fix this issue.

A flaw was found in the DCMTK package. Insufficient input data validation can lead to a segmentation fault in the JPEG-LS decoder if invalid input data is processed. This vulnerability affects the component dcmjpls JPEG-LS Decoder. The manipulation leads to memory corruption and can be initiated remotely.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux AI (RHEL AI)dcmtkFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-119
https://bugzilla.redhat.com/show_bug.cgi?id=2352832DCMTK: DCMTK dcmjpls JPEG-LS Decoder memory corruption

EPSS

Процентиль: 57%
0.00345
Низкий

6.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-2357

CVSS3: 6.3
ubuntu
10 месяцев назад

A vulnerability was found in DCMTK 3.6.9. It has been declared as critical. This vulnerability affects unknown code of the component dcmjpls JPEG-LS Decoder. The manipulation leads to memory corruption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 3239a7915. It is recommended to apply a patch to fix this issue.

nvd логотип

CVE-2025-2357

CVSS3: 6.3
nvd
10 месяцев назад

A vulnerability was found in DCMTK 3.6.9. It has been declared as critical. This vulnerability affects unknown code of the component dcmjpls JPEG-LS Decoder. The manipulation leads to memory corruption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 3239a7915. It is recommended to apply a patch to fix this issue.

debian логотип

CVE-2025-2357

CVSS3: 6.3
debian
10 месяцев назад

A vulnerability was found in DCMTK 3.6.9. It has been declared as crit ...

github логотип

GHSA-vwr6-5rc9-p4cw

CVSS3: 6.3
github
10 месяцев назад

A vulnerability was found in DCMTK 3.6.9. It has been declared as critical. This vulnerability affects unknown code of the component dcmjpls JPEG-LS Decoder. The manipulation leads to memory corruption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 3239a7915. It is recommended to apply a patch to fix this issue.

fstec логотип

BDU:2025-11441

CVSS3: 6.3
fstec
10 месяцев назад

Уязвимость компонента dcmjpls JPEG-LS Decoder библиотеки для работы с форматом DICOM DCMTK, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 57%
0.00345
Низкий

6.3 Medium

CVSS3