Description
OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.
| Release | Status | Note |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| devel | needs-triage | |
| esm-apps/bionic | released | 3.6.2-3ubuntu0.1~esm1 |
| esm-apps/focal | released | 3.6.4-2.1ubuntu0.1~esm1 |
| esm-apps/jammy | released | 3.6.6-5ubuntu0.1~esm1 |
| esm-apps/noble | needs-triage | |
| esm-apps/xenial | released | 3.6.1~20150924-5ubuntu0.1~esm1 |
| focal | ignored | end of standard support, was needed |
| impish | ignored | end of life |
| jammy | needed | |
EPSS
7.5 High
CVSS2
7.5 High
CVSS3
Related vulnerabilities
OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.
OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SC ...
OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.
Vulnerability in the DCMTK library for working with the DICOM format that allows an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service
Security update for gdcm, orthanc, orthanc-gdcm, orthanc-webviewer