Description
DCMTK through 3.6.6 does not handle string copy properly. Sending specific requests to the dcmqrdb program, it would query its database and copy the result even if the result is null, which can incur a head-based overflow. An attacker can use it to launch a DoS attack.
Release | Status | Note |
---|---|---|
bionic | ignored | end of standard support, was needed |
devel | not-affected | 3.6.7-5 |
esm-apps/bionic | released | 3.6.2-3ubuntu0.1~esm1 |
esm-apps/focal | released | 3.6.4-2.1ubuntu0.1~esm1 |
esm-apps/jammy | released | 3.6.6-5ubuntu0.1~esm1 |
esm-apps/noble | not-affected | 3.6.7-5 |
esm-apps/xenial | released | 3.6.1~20150924-5ubuntu0.1~esm1 |
focal | released | 3.6.4-2.1ubuntu0.1 |
impish | ignored | end of life |
jammy | needed | |
CVSS2: 5 Medium
CVSS3: 7.5 High
Related vulnerabilities
Vulnerability in DCMTK, a library for working with the DICOM format, related to pointer dereference errors, allowing an attacker to cause a denial of service