Machine-generated analysis · WAYSCloud LLM
The advisory states that DCMTK versions <=3.7.0 are affected by multiple vulnerabilities, including path traversal and memory management issues.
Context
The affected product is the OFFIS DCMTK Toolkit, a collection of libraries and applications for handling DICOM data in medical imaging. The advisory states that exploitation could allow file writing outside the intended directory, unauthorized information access, memory exhaustion, or process crashes. These vulnerabilities affect client or server processes using DCMTK in specific modes, such as bit-preserving C-GET storage. The maintainer has provided fixes via GitHub commits ahead of an official release.
Operator considerations
Check: Inventory systems using DCMTK versions 3.7.0 or earlier, particularly in healthcare imaging environments.
Patch: Upgrade to the latest GitHub release once available, as fixes are included in recent commits.
Log: Monitor for unexpected file creation or abnormal memory usage in DCMTK client processes.
Successful exploitation of these vulnerabilities could allow an attacker to write files, access unauthorized information, exhaust memory, or crash affected DCMTK client or server processes.
The following versions of OFFIS DCMTK Toolkit are affected:
DCMTK
Read the full advisory on CISA.