{"url":"http://public2.vulnerablecode.io/api/packages/92610?format=json","purl":"pkg:deb/debian/dcmtk@3.6.7-9~deb12u3?distro=trixie","type":"deb","namespace":"debian","name":"dcmtk","version":"3.6.7-9~deb12u3","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.6.7-14","latest_non_vulnerable_version":"3.7.0+really3.7.0-5","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65927?format=json","vulnerability_id":"VCID-7ntd-3yfn-uygy","summary":"A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnReception/executeOnEndOfStudy of the file dcmnet/apps/storescp.cc of the component storescp. Performing a manipulation results in os command injection. Remote exploitation of the attack is possible. The patch is named edbb085e45788dccaf0e64d71534cfca925784b8. Applying a patch is the recommended action to fix this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5663","reference_id":"","reference_type":"","scores":[{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60501","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60491","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60476","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60493","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60504","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5663"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5663","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5663"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133001","reference_id":"1133001","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133001"},{"reference_url":"https://support.dcmtk.org/redmine/issues/1194","reference_id":"1194","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:OF/RC:C"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T14:05:40Z/"}],"url":"https://support.dcmtk.org/redmine/issues/1194"},{"reference_url":"https://machinespirits.com/advisory/2e1627/","reference_id":"2e1627","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:OF/RC:C"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T14:05:40Z/"}],"url":"https://machinespirits.com/advisory/2e1627/"},{"reference_url":"https://vuldb.com/vuln/355486","reference_id":"355486","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:OF/RC:C"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T14:05:40Z/"}],"url":"https://vuldb.com/vuln/355486"},{"reference_url":"https://vuldb.com/submit/786061","reference_id":"786061","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:OF/RC:C"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T14:05:40Z/"}],"url":"https://vuldb.com/submit/786061"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:offis:dcmtk:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:offis:dcmtk:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:offis:dcmtk:*:*:*:*:*:*:*:*"},{"reference_url":"https://vuldb.com/vuln/355486/cti","reference_id":"cti","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:OF/RC:C"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T14:05:40Z/"}],"url":"https://vuldb.com/vuln/355486/cti"},{"reference_url":"https://github.com/DCMTK/dcmtk/commit/edbb085e45788dccaf0e64d71534cfca925784b8","reference_id":"edbb085e45788dccaf0e64d71534cfca925784b8","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:OF/RC:C"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T14:05:40Z/"}],"url":"https://github.com/DCMTK/dcmtk/commit/edbb085e45788dccaf0e64d71534cfca925784b8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/92614?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/304754?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1168172?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie"}],"aliases":["CVE-2026-5663"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7ntd-3yfn-uygy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65909?format=json","vulnerability_id":"VCID-p7j3-gsyg-3uh8","summary":"A vulnerability was detected in DCMTK up to 3.6.7. The impacted element is the function DcmQueryRetrieveConfig::readPeerList of the file /dcmqrcnf.cc of the component dcmqrscp. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit is now public and may be used. Upgrading to version 3.6.8 is sufficient to resolve this issue. The patch is identified as 957fb31e5. Upgrading the affected component is advised.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4981","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03034","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03045","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03053","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03001","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02983","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02948","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4981"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4981","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4981"},{"reference_url":"https://support.dcmtk.org/redmine/issues/1026","reference_id":"1026","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-21T15:22:37Z/"}],"url":"https://support.dcmtk.org/redmine/issues/1026"},{"reference_url":"https://vuldb.com/?ctiid.329029","reference_id":"?ctiid.329029","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-21T15:22:37Z/"}],"url":"https://vuldb.com/?ctiid.329029"},{"reference_url":"https://shimo.im/docs/e1Azd4dDQXUgOGqW/","reference_id":"e1Azd4dDQXUgOGqW","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-21T15:22:37Z/"}],"url":"https://shimo.im/docs/e1Azd4dDQXUgOGqW/"},{"reference_url":"https://vuldb.com/?id.329029","reference_id":"?id.329029","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-21T15:22:37Z/"}],"url":"https://vuldb.com/?id.329029"},{"reference_url":"https://vuldb.com/?submit.673134","reference_id":"?submit.673134","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-21T15:22:37Z/"}],"url":"https://vuldb.com/?submit.673134"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/92627?format=json","purl":"pkg:deb/debian/dcmtk@3.6.8-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.8-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92615?format=json","purl":"pkg:deb/debian/dcmtk@3.6.9-5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"},{"vulnerability":"VCID-u99k-qgku-4fcu"},{"vulnerability":"VCID-v3nv-nce7-myh7"},{"vulnerability":"VCID-ypj9-j6na-bycz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92613?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92614?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/304754?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1168172?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie"}],"aliases":["CVE-2022-4981"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p7j3-gsyg-3uh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65926?format=json","vulnerability_id":"VCID-py9d-avfb-vbch","summary":"A weakness has been identified in OFFIS DCMTK 3.7.0. This affects the function DcmQueryRetrieveIndexDatabaseHandle::deleteOldestImages of the file dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. Executing a manipulation can lead to heap-based buffer overflow. The attack may be launched remotely. This patch is called 0f78a4ef6f645ea5530166e445e5436a5de58e75. A patch should be applied to remediate this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-10194","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13883","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15608","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.1559","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15674","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15714","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-10194"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-10194","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-10194"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1139181","reference_id":"1139181","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1139181"},{"reference_url":"https://vuldb.com/vuln/367475","reference_id":"367475","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-03T18:01:56Z/"}],"url":"https://vuldb.com/vuln/367475"},{"reference_url":"https://vuldb.com/submit/821029","reference_id":"821029","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-03T18:01:56Z/"}],"url":"https://vuldb.com/submit/821029"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:offis:dcmtk:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:offis:dcmtk:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:offis:dcmtk:*:*:*:*:*:*:*:*"},{"reference_url":"https://vuldb.com/vuln/367475/cti","reference_id":"cti","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-03T18:01:56Z/"}],"url":"https://vuldb.com/vuln/367475/cti"},{"reference_url":"https://vuldb.com/cve/CVE-2026-10194","reference_id":"CVE-2026-10194","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-03T18:01:56Z/"}],"url":"https://vuldb.com/cve/CVE-2026-10194"},{"reference_url":"https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=0f78a4ef6f645ea5530166e445e5436a5de58e75","reference_id":"?p=dcmtk.git;a=commit;h=0f78a4ef6f645ea5530166e445e5436a5de58e75","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-03T18:01:56Z/"}],"url":"https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=0f78a4ef6f645ea5530166e445e5436a5de58e75"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1168172?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie"}],"aliases":["CVE-2026-10194"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-py9d-avfb-vbch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65921?format=json","vulnerability_id":"VCID-rbf5-ppzg-13gw","summary":"A vulnerability was found in DCMTK 3.6.9. It has been declared as critical. This vulnerability affects unknown code of the component dcmjpls JPEG-LS Decoder. The manipulation leads to memory corruption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 3239a7915. It is recommended to apply a patch to fix this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2357.json","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2357.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2357","reference_id":"","reference_type":"","scores":[{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37681","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37734","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37737","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37706","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37668","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2357"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100724","reference_id":"1100724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100724"},{"reference_url":"https://support.dcmtk.org/redmine/issues/1155","reference_id":"1155","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-17T13:24:12Z/"}],"url":"https://support.dcmtk.org/redmine/issues/1155"},{"reference_url":"https://support.dcmtk.org/redmine/issues/1155?tab=history#note-1","reference_id":"1155?tab=history#note-1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-17T13:24:12Z/"}],"url":"https://support.dcmtk.org/redmine/issues/1155?tab=history#note-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2352832","reference_id":"2352832","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2352832"},{"reference_url":"https://vuldb.com/?ctiid.299824","reference_id":"?ctiid.299824","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-17T13:24:12Z/"}],"url":"https://vuldb.com/?ctiid.299824"},{"reference_url":"https://vuldb.com/?id.299824","reference_id":"?id.299824","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-17T13:24:12Z/"}],"url":"https://vuldb.com/?id.299824"},{"reference_url":"https://vuldb.com/?submit.513692","reference_id":"?submit.513692","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-17T13:24:12Z/"}],"url":"https://vuldb.com/?submit.513692"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/92615?format=json","purl":"pkg:deb/debian/dcmtk@3.6.9-5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"},{"vulnerability":"VCID-u99k-qgku-4fcu"},{"vulnerability":"VCID-v3nv-nce7-myh7"},{"vulnerability":"VCID-ypj9-j6na-bycz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92613?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92614?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/304754?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1168172?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie"}],"aliases":["CVE-2025-2357"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rbf5-ppzg-13gw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65925?format=json","vulnerability_id":"VCID-u99k-qgku-4fcu","summary":"A vulnerability was identified in DCMTK up to 3.6.9. This affects an unknown function in the library dcmimage/include/dcmtk/dcmimage/diybrpxt.h of the component dcm2img. Such manipulation leads to memory corruption. Local access is required to approach this attack. The name of the patch is 7ad81d69b. It is best practice to apply a patch to resolve this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-9732","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10547","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10468","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10444","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.1053","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10569","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-9732"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9732","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9732"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113993","reference_id":"1113993","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113993"},{"reference_url":"https://github.com/DCMTK/dcmtk/commit/7ad81d69b","reference_id":"7ad81d69b","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-02T14:40:15Z/"}],"url":"https://github.com/DCMTK/dcmtk/commit/7ad81d69b"},{"reference_url":"https://vuldb.com/?ctiid.322023","reference_id":"?ctiid.322023","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-02T14:40:15Z/"}],"url":"https://vuldb.com/?ctiid.322023"},{"reference_url":"https://vuldb.com/?id.322023","reference_id":"?id.322023","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-02T14:40:15Z/"}],"url":"https://vuldb.com/?id.322023"},{"reference_url":"https://vuldb.com/?submit.639772","reference_id":"?submit.639772","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-02T14:40:15Z/"}],"url":"https://vuldb.com/?submit.639772"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/92647?format=json","purl":"pkg:deb/debian/dcmtk@3.6.9-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92613?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92614?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/304754?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1168172?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie"}],"aliases":["CVE-2025-9732"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u99k-qgku-4fcu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65918?format=json","vulnerability_id":"VCID-v3nv-nce7-myh7","summary":"A vulnerability was detected in OFFIS DCMTK up to 3.6.9. Affected by this issue is the function DcmByteString::makeDicomByteString of the file dcmdata/libsrc/dcbytstr.cc of the component dcmdata. The manipulation results in memory corruption. The attack can be launched remotely. Upgrading to version 3.7.0 can resolve this issue. The patch is identified as 4c0e5c10079392c594d6a7abd95dd78ac0aa556a. You should upgrade the affected component.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14607.json","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14607.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14607","reference_id":"","reference_type":"","scores":[{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26015","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26009","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26065","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26111","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26117","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14607"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14607","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14607"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122926","reference_id":"1122926","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122926"},{"reference_url":"https://support.dcmtk.org/redmine/issues/1184","reference_id":"1184","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-15T21:46:27Z/"}],"url":"https://support.dcmtk.org/redmine/issues/1184"},{"reference_url":"https://support.dcmtk.org/redmine/versions/19","reference_id":"19","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-15T21:46:27Z/"}],"url":"https://support.dcmtk.org/redmine/versions/19"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2421979","reference_id":"2421979","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2421979"},{"reference_url":"https://github.com/DCMTK/dcmtk/commit/4c0e5c10079392c594d6a7abd95dd78ac0aa556a","reference_id":"4c0e5c10079392c594d6a7abd95dd78ac0aa556a","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-15T21:46:27Z/"}],"url":"https://github.com/DCMTK/dcmtk/commit/4c0e5c10079392c594d6a7abd95dd78ac0aa556a"},{"reference_url":"https://support.dcmtk.org/redmine/projects/dcmtk/activity?from=2025-12-02","reference_id":"activity?from=2025-12-02","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-15T21:46:27Z/"}],"url":"https://support.dcmtk.org/redmine/projects/dcmtk/activity?from=2025-12-02"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:offis:dcmtk:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:offis:dcmtk:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:offis:dcmtk:*:*:*:*:*:*:*:*"},{"reference_url":"https://vuldb.com/?ctiid.336283","reference_id":"?ctiid.336283","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-15T21:46:27Z/"}],"url":"https://vuldb.com/?ctiid.336283"},{"reference_url":"https://vuldb.com/?id.336283","reference_id":"?id.336283","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-15T21:46:27Z/"}],"url":"https://vuldb.com/?id.336283"},{"reference_url":"https://vuldb.com/?submit.705036","reference_id":"?submit.705036","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-15T21:46:27Z/"}],"url":"https://vuldb.com/?submit.705036"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/92634?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92613?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92614?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/304754?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1168172?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie"}],"aliases":["CVE-2025-14607"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v3nv-nce7-myh7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65920?format=json","vulnerability_id":"VCID-ypj9-j6na-bycz","summary":"A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted element is the function DcmQueryRetrieveIndexDatabaseHandle::startFindRequest/DcmQueryRetrieveIndexDatabaseHandle::startMoveRequest in the library dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. This manipulation causes null pointer dereference. The attack requires local access. Upgrading to version 3.7.0 is sufficient to resolve this issue. Patch name: ffb1a4a37d2c876e3feeb31df4930f2aed7fa030. You should upgrade the affected component.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14841","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07223","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0721","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07254","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07268","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07263","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14841"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14841","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14841"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123584","reference_id":"1123584","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123584"},{"reference_url":"https://support.dcmtk.org/redmine/issues/1183","reference_id":"1183","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:47:22Z/"}],"url":"https://support.dcmtk.org/redmine/issues/1183"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:offis:dcmtk:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:offis:dcmtk:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:offis:dcmtk:*:*:*:*:*:*:*:*"},{"reference_url":"https://vuldb.com/?ctiid.337004","reference_id":"?ctiid.337004","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:47:22Z/"}],"url":"https://vuldb.com/?ctiid.337004"},{"reference_url":"https://github.com/DCMTK/dcmtk/releases/tag/DCMTK-3.7.0","reference_id":"DCMTK-3.7.0","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:47:22Z/"}],"url":"https://github.com/DCMTK/dcmtk/releases/tag/DCMTK-3.7.0"},{"reference_url":"https://github.com/DCMTK/dcmtk/commit/ffb1a4a37d2c876e3feeb31df4930f2aed7fa030","reference_id":"ffb1a4a37d2c876e3feeb31df4930f2aed7fa030","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:47:22Z/"}],"url":"https://github.com/DCMTK/dcmtk/commit/ffb1a4a37d2c876e3feeb31df4930f2aed7fa030"},{"reference_url":"https://vuldb.com/?id.337004","reference_id":"?id.337004","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:47:22Z/"}],"url":"https://vuldb.com/?id.337004"},{"reference_url":"https://vuldb.com/?submit.714605","reference_id":"?submit.714605","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:47:22Z/"}],"url":"https://vuldb.com/?submit.714605"},{"reference_url":"https://vuldb.com/?submit.714634","reference_id":"?submit.714634","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:47:22Z/"}],"url":"https://vuldb.com/?submit.714634"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/92634?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92613?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92614?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/304754?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1168172?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie"}],"aliases":["CVE-2025-14841"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ypj9-j6na-bycz"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65906?format=json","vulnerability_id":"VCID-1xpy-jfzq-sba4","summary":"OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-of-service condition.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2121","reference_id":"","reference_type":"","scores":[{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20524","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20627","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20584","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20516","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20566","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20639","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2121"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2121","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2121"},{"reference_url":"https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T20:06:15Z/"}],"url":"https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014044","reference_id":"1014044","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014044"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2121","reference_id":"CVE-2022-2121","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2121"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html","reference_id":"msg00022.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T20:06:15Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html"},{"reference_url":"https://usn.ubuntu.com/5882-1/","reference_id":"USN-5882-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5882-1/"},{"reference_url":"https://usn.ubuntu.com/7010-1/","reference_id":"USN-7010-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7010-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/92612?format=json","purl":"pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92622?format=json","purl":"pkg:deb/debian/dcmtk@3.6.5-1%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92621?format=json","purl":"pkg:deb/debian/dcmtk@3.6.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92610?format=json","purl":"pkg:deb/debian/dcmtk@3.6.7-9~deb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-p7j3-gsyg-3uh8"},{"vulnerability":"VCID-py9d-avfb-vbch"},{"vulnerability":"VCID-rbf5-ppzg-13gw"},{"vulnerability":"VCID-u99k-qgku-4fcu"},{"vulnerability":"VCID-v3nv-nce7-myh7"},{"vulnerability":"VCID-ypj9-j6na-bycz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92615?format=json","purl":"pkg:deb/debian/dcmtk@3.6.9-5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"},{"vulnerability":"VCID-u99k-qgku-4fcu"},{"vulnerability":"VCID-v3nv-nce7-myh7"},{"vulnerability":"VCID-ypj9-j6na-bycz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92613?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92614?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/304754?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1168172?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie"}],"aliases":["CVE-2022-2121"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1xpy-jfzq-sba4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65908?format=json","vulnerability_id":"VCID-2eqr-hjd8-aqd4","summary":"DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43272","reference_id":"","reference_type":"","scores":[{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.36687","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.36779","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.36787","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.36752","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.36714","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.36726","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43272"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43272","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43272"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/songxpu/bug_report/tree/master/DCMTK/memory_leak_in_3.6.7","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-02T16:53:28Z/"}],"url":"https://github.com/songxpu/bug_report/tree/master/DCMTK/memory_leak_in_3.6.7"},{"reference_url":"https://www.wolai.com/vaVuMxU4gGqFakbzvc9NYw","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-02T16:53:28Z/"}],"url":"https://www.wolai.com/vaVuMxU4gGqFakbzvc9NYw"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027165","reference_id":"1027165","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027165"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4HROBSUUV2LZCYUNODI2YM7G7AYYO75B/","reference_id":"4HROBSUUV2LZCYUNODI2YM7G7AYYO75B","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-02T16:53:28Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4HROBSUUV2LZCYUNODI2YM7G7AYYO75B/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43272","reference_id":"CVE-2022-43272","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43272"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html","reference_id":"msg00022.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-02T16:53:28Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R3QG7MSHORLYAHDXMYG6FQKU4GOCRBCR/","reference_id":"R3QG7MSHORLYAHDXMYG6FQKU4GOCRBCR","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-02T16:53:28Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R3QG7MSHORLYAHDXMYG6FQKU4GOCRBCR/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UMQ2USESKF6OAZAH64OFHNK2HJIJVGPP/","reference_id":"UMQ2USESKF6OAZAH64OFHNK2HJIJVGPP","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-02T16:53:28Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UMQ2USESKF6OAZAH64OFHNK2HJIJVGPP/"},{"reference_url":"https://usn.ubuntu.com/5882-1/","reference_id":"USN-5882-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5882-1/"},{"reference_url":"https://usn.ubuntu.com/7010-1/","reference_id":"USN-7010-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7010-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/92612?format=json","purl":"pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92622?format=json","purl":"pkg:deb/debian/dcmtk@3.6.5-1%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92626?format=json","purl":"pkg:deb/debian/dcmtk@3.6.7-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-8%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92610?format=json","purl":"pkg:deb/debian/dcmtk@3.6.7-9~deb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-p7j3-gsyg-3uh8"},{"vulnerability":"VCID-py9d-avfb-vbch"},{"vulnerability":"VCID-rbf5-ppzg-13gw"},{"vulnerability":"VCID-u99k-qgku-4fcu"},{"vulnerability":"VCID-v3nv-nce7-myh7"},{"vulnerability":"VCID-ypj9-j6na-bycz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92615?format=json","purl":"pkg:deb/debian/dcmtk@3.6.9-5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"},{"vulnerability":"VCID-u99k-qgku-4fcu"},{"vulnerability":"VCID-v3nv-nce7-myh7"},{"vulnerability":"VCID-ypj9-j6na-bycz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92613?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92614?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/304754?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1168172?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie"}],"aliases":["CVE-2022-43272"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2eqr-hjd8-aqd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65893?format=json","vulnerability_id":"VCID-3pv8-3pap-9ubz","summary":"Stack-based buffer overflow in the parsePresentationContext function in storescp in DICOM dcmtk-3.6.0 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a long string sent to TCP port 4242.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8979","reference_id":"","reference_type":"","scores":[{"value":"0.0339","scoring_system":"epss","scoring_elements":"0.87617","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0339","scoring_system":"epss","scoring_elements":"0.87639","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0339","scoring_system":"epss","scoring_elements":"0.8764","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0339","scoring_system":"epss","scoring_elements":"0.87638","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0339","scoring_system":"epss","scoring_elements":"0.87651","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8979"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8979","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8979"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848830","reference_id":"848830","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848830"},{"reference_url":"https://usn.ubuntu.com/5882-1/","reference_id":"USN-5882-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5882-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/92616?format=json","purl":"pkg:deb/debian/dcmtk@3.6.1~20160216-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.1~20160216-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92612?format=json","purl":"pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92610?format=json","purl":"pkg:deb/debian/dcmtk@3.6.7-9~deb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-p7j3-gsyg-3uh8"},{"vulnerability":"VCID-py9d-avfb-vbch"},{"vulnerability":"VCID-rbf5-ppzg-13gw"},{"vulnerability":"VCID-u99k-qgku-4fcu"},{"vulnerability":"VCID-v3nv-nce7-myh7"},{"vulnerability":"VCID-ypj9-j6na-bycz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92615?format=json","purl":"pkg:deb/debian/dcmtk@3.6.9-5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"},{"vulnerability":"VCID-u99k-qgku-4fcu"},{"vulnerability":"VCID-v3nv-nce7-myh7"},{"vulnerability":"VCID-ypj9-j6na-bycz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92613?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92614?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/304754?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1168172?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie"}],"aliases":["CVE-2015-8979"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3pv8-3pap-9ubz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65924?format=json","vulnerability_id":"VCID-7amp-kxbd-auga","summary":"A NULL pointer dereference in the component /libsrc/dcrleccd.cc of DCMTK v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DICOM file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-25475.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-25475.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-25475","reference_id":"","reference_type":"","scores":[{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42033","published_at":"2026-06-09T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42077","published_at":"2026-06-05T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42087","published_at":"2026-06-06T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.4206","published_at":"2026-06-07T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42025","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-25475"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25475","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25475"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098373","reference_id":"1098373","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098373"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2346417","reference_id":"2346417","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2346417"},{"reference_url":"https://github.com/DCMTK/dcmtk/commit/bffa3e9116abb7038b432443f16b1bd390e80245","reference_id":"bffa3e9116abb7038b432443f16b1bd390e80245","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-20T21:07:26Z/"}],"url":"https://github.com/DCMTK/dcmtk/commit/bffa3e9116abb7038b432443f16b1bd390e80245"},{"reference_url":"https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=bffa3e9116abb7038b432443f16b1bd390e80245","reference_id":"?p=dcmtk.git;a=commit;h=bffa3e9116abb7038b432443f16b1bd390e80245","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-20T21:07:26Z/"}],"url":"https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=bffa3e9116abb7038b432443f16b1bd390e80245"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/92612?format=json","purl":"pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92625?format=json","purl":"pkg:deb/debian/dcmtk@3.6.5-1%2Bdeb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92610?format=json","purl":"pkg:deb/debian/dcmtk@3.6.7-9~deb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-p7j3-gsyg-3uh8"},{"vulnerability":"VCID-py9d-avfb-vbch"},{"vulnerability":"VCID-rbf5-ppzg-13gw"},{"vulnerability":"VCID-u99k-qgku-4fcu"},{"vulnerability":"VCID-v3nv-nce7-myh7"},{"vulnerability":"VCID-ypj9-j6na-bycz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92639?format=json","purl":"pkg:deb/debian/dcmtk@3.6.9-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92615?format=json","purl":"pkg:deb/debian/dcmtk@3.6.9-5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"},{"vulnerability":"VCID-u99k-qgku-4fcu"},{"vulnerability":"VCID-v3nv-nce7-myh7"},{"vulnerability":"VCID-ypj9-j6na-bycz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92613?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92614?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/304754?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1168172?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie"}],"aliases":["CVE-2025-25475"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7amp-kxbd-auga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65892?format=json","vulnerability_id":"VCID-7v7d-h167-kbb7","summary":"(1) movescu.cc and (2) storescp.cc in dcmnet/apps/, (3) dcmnet/libsrc/scp.cc, (4) dcmwlm/libsrc/wlmactmg.cc, (5) dcmprscp.cc and (6) dcmpsrcv.cc in dcmpstat/apps/, (7) dcmpstat/tests/msgserv.cc, and (8) dcmqrdb/apps/dcmqrscp.cc in DCMTK 3.6.1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by creating a large number of processes.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6825","reference_id":"","reference_type":"","scores":[{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29373","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29441","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29406","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29372","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29338","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29351","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6825"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6825","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6825"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/92611?format=json","purl":"pkg:deb/debian/dcmtk@3.6.1~20150629-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.1~20150629-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92612?format=json","purl":"pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92610?format=json","purl":"pkg:deb/debian/dcmtk@3.6.7-9~deb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-p7j3-gsyg-3uh8"},{"vulnerability":"VCID-py9d-avfb-vbch"},{"vulnerability":"VCID-rbf5-ppzg-13gw"},{"vulnerability":"VCID-u99k-qgku-4fcu"},{"vulnerability":"VCID-v3nv-nce7-myh7"},{"vulnerability":"VCID-ypj9-j6na-bycz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92615?format=json","purl":"pkg:deb/debian/dcmtk@3.6.9-5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"},{"vulnerability":"VCID-u99k-qgku-4fcu"},{"vulnerability":"VCID-v3nv-nce7-myh7"},{"vulnerability":"VCID-ypj9-j6na-bycz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92613?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92614?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/304754?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1168172?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie"}],"aliases":["CVE-2013-6825"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7v7d-h167-kbb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65917?format=json","vulnerability_id":"VCID-b5ww-xxqe-jkd4","summary":"An improper array index validation vulnerability exists in the determineMinMax functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-52333","reference_id":"","reference_type":"","scores":[{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27282","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27414","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27364","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27324","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27273","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-52333"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52333","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52333"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093047","reference_id":"1093047","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093047"},{"reference_url":"https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=03e851b0586d05057c3268988e180ffb426b2e03","reference_id":"?p=dcmtk.git;a=commit;h=03e851b0586d05057c3268988e180ffb426b2e03","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-13T14:40:23Z/"}],"url":"https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=03e851b0586d05057c3268988e180ffb426b2e03"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2024-2121","reference_id":"TALOS-2024-2121","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-13T14:40:23Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2024-2121"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/92612?format=json","purl":"pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92622?format=json","purl":"pkg:deb/debian/dcmtk@3.6.5-1%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92628?format=json","purl":"pkg:deb/debian/dcmtk@3.6.7-9~deb12u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92610?format=json","purl":"pkg:deb/debian/dcmtk@3.6.7-9~deb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-p7j3-gsyg-3uh8"},{"vulnerability":"VCID-py9d-avfb-vbch"},{"vulnerability":"VCID-rbf5-ppzg-13gw"},{"vulnerability":"VCID-u99k-qgku-4fcu"},{"vulnerability":"VCID-v3nv-nce7-myh7"},{"vulnerability":"VCID-ypj9-j6na-bycz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92632?format=json","purl":"pkg:deb/debian/dcmtk@3.6.8-7?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.8-7%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92615?format=json","purl":"pkg:deb/debian/dcmtk@3.6.9-5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"},{"vulnerability":"VCID-u99k-qgku-4fcu"},{"vulnerability":"VCID-v3nv-nce7-myh7"},{"vulnerability":"VCID-ypj9-j6na-bycz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92613?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92614?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/304754?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1168172?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie"}],"aliases":["CVE-2024-52333"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b5ww-xxqe-jkd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65923?format=json","vulnerability_id":"VCID-bcaq-kyyb-77cw","summary":"DCMTK v3.6.9+ DEV was discovered to contain a buffer overflow via the component /dcmimgle/diinpxt.h.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-25474.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-25474.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-25474","reference_id":"","reference_type":"","scores":[{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43209","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43255","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43234","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43199","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43247","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-25474"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25474","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25474"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098374","reference_id":"1098374","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098374"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2346408","reference_id":"2346408","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2346408"},{"reference_url":"https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=1d205bcd307164c99e0d4bbf412110372658d847","reference_id":"?p=dcmtk.git;a=commit;h=1d205bcd307164c99e0d4bbf412110372658d847","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-20T21:11:50Z/"}],"url":"https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=1d205bcd307164c99e0d4bbf412110372658d847"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/92612?format=json","purl":"pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92625?format=json","purl":"pkg:deb/debian/dcmtk@3.6.5-1%2Bdeb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92610?format=json","purl":"pkg:deb/debian/dcmtk@3.6.7-9~deb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-p7j3-gsyg-3uh8"},{"vulnerability":"VCID-py9d-avfb-vbch"},{"vulnerability":"VCID-rbf5-ppzg-13gw"},{"vulnerability":"VCID-u99k-qgku-4fcu"},{"vulnerability":"VCID-v3nv-nce7-myh7"},{"vulnerability":"VCID-ypj9-j6na-bycz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92639?format=json","purl":"pkg:deb/debian/dcmtk@3.6.9-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92615?format=json","purl":"pkg:deb/debian/dcmtk@3.6.9-5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"},{"vulnerability":"VCID-u99k-qgku-4fcu"},{"vulnerability":"VCID-v3nv-nce7-myh7"},{"vulnerability":"VCID-ypj9-j6na-bycz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92613?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92614?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/304754?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1168172?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie"}],"aliases":["CVE-2025-25474"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bcaq-kyyb-77cw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65894?format=json","vulnerability_id":"VCID-dpj5-ppwr-e3hk","summary":"OFFIS.de DCMTK 3.6.3 and below is affected by: Buffer Overflow. The impact is: Possible code execution and confirmed Denial of Service. The component is: DcmRLEDecoder::decompress() (file dcrledec.h, line 122). The attack vector is: Many scenarios of DICOM file processing (e.g. DICOM to image conversion). The fixed version is: 3.6.4, after commit 40917614e.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1010228","reference_id":"","reference_type":"","scores":[{"value":"0.00586","scoring_system":"epss","scoring_elements":"0.69462","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00586","scoring_system":"epss","scoring_elements":"0.69501","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00586","scoring_system":"epss","scoring_elements":"0.69509","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00586","scoring_system":"epss","scoring_elements":"0.69499","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00586","scoring_system":"epss","scoring_elements":"0.69487","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00586","scoring_system":"epss","scoring_elements":"0.69507","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1010228"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010228","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010228"},{"reference_url":"https://usn.ubuntu.com/5882-1/","reference_id":"USN-5882-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5882-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/92617?format=json","purl":"pkg:deb/debian/dcmtk@3.6.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92612?format=json","purl":"pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92610?format=json","purl":"pkg:deb/debian/dcmtk@3.6.7-9~deb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-p7j3-gsyg-3uh8"},{"vulnerability":"VCID-py9d-avfb-vbch"},{"vulnerability":"VCID-rbf5-ppzg-13gw"},{"vulnerability":"VCID-u99k-qgku-4fcu"},{"vulnerability":"VCID-v3nv-nce7-myh7"},{"vulnerability":"VCID-ypj9-j6na-bycz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92615?format=json","purl":"pkg:deb/debian/dcmtk@3.6.9-5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"},{"vulnerability":"VCID-u99k-qgku-4fcu"},{"vulnerability":"VCID-v3nv-nce7-myh7"},{"vulnerability":"VCID-ypj9-j6na-bycz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92613?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92614?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/304754?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1168172?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie"}],"aliases":["CVE-2019-1010228"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dpj5-ppwr-e3hk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65896?format=json","vulnerability_id":"VCID-ftev-322g-4bdy","summary":"DCMTK through 3.6.6 does not handle memory free properly. The program malloc a heap memory for parsing data, but does not free it when error in parsing. Sending specific requests to the dcmqrdb program incur the memory leak. An attacker can use it to launch a DoS attack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41687","reference_id":"","reference_type":"","scores":[{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39198","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39287","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39292","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39264","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39237","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39249","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41687"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41687","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41687"},{"reference_url":"https://github.com/DCMTK/dcmtk","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/DCMTK/dcmtk"},{"reference_url":"https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41687","reference_id":"CVE-2021-41687","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41687"},{"reference_url":"https://usn.ubuntu.com/5882-1/","reference_id":"USN-5882-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5882-1/"},{"reference_url":"https://usn.ubuntu.com/7010-1/","reference_id":"USN-7010-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7010-1/"},{"reference_url":"https://usn.ubuntu.com/7010-2/","reference_id":"USN-7010-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7010-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/92612?format=json","purl":"pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92622?format=json","purl":"pkg:deb/debian/dcmtk@3.6.5-1%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92621?format=json","purl":"pkg:deb/debian/dcmtk@3.6.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92610?format=json","purl":"pkg:deb/debian/dcmtk@3.6.7-9~deb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-p7j3-gsyg-3uh8"},{"vulnerability":"VCID-py9d-avfb-vbch"},{"vulnerability":"VCID-rbf5-ppzg-13gw"},{"vulnerability":"VCID-u99k-qgku-4fcu"},{"vulnerability":"VCID-v3nv-nce7-myh7"},{"vulnerability":"VCID-ypj9-j6na-bycz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92615?format=json","purl":"pkg:deb/debian/dcmtk@3.6.9-5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"},{"vulnerability":"VCID-u99k-qgku-4fcu"},{"vulnerability":"VCID-v3nv-nce7-myh7"},{"vulnerability":"VCID-ypj9-j6na-bycz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92613?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92614?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/304754?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1168172?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie"}],"aliases":["CVE-2021-41687"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ftev-322g-4bdy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65901?format=json","vulnerability_id":"VCID-huy7-d71z-5fha","summary":"OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2119","reference_id":"","reference_type":"","scores":[{"value":"0.05677","scoring_system":"epss","scoring_elements":"0.90579","published_at":"2026-06-09T12:55:00Z"},{"value":"0.05677","scoring_system":"epss","scoring_elements":"0.90562","published_at":"2026-06-08T12:55:00Z"},{"value":"0.05677","scoring_system":"epss","scoring_elements":"0.90551","published_at":"2026-06-04T12:55:00Z"},{"value":"0.05677","scoring_system":"epss","scoring_elements":"0.90565","published_at":"2026-06-05T12:55:00Z"},{"value":"0.05677","scoring_system":"epss","scoring_elements":"0.90566","published_at":"2026-06-06T12:55:00Z"},{"value":"0.05677","scoring_system":"epss","scoring_elements":"0.90563","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2119"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2119","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2119"},{"reference_url":"https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T17:28:29Z/"}],"url":"https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017743","reference_id":"1017743","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017743"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2119","reference_id":"CVE-2022-2119","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2119"},{"reference_url":"https://usn.ubuntu.com/5882-1/","reference_id":"USN-5882-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5882-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/92612?format=json","purl":"pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92625?format=json","purl":"pkg:deb/debian/dcmtk@3.6.5-1%2Bdeb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92624?format=json","purl":"pkg:deb/debian/dcmtk@3.6.7-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92610?format=json","purl":"pkg:deb/debian/dcmtk@3.6.7-9~deb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-p7j3-gsyg-3uh8"},{"vulnerability":"VCID-py9d-avfb-vbch"},{"vulnerability":"VCID-rbf5-ppzg-13gw"},{"vulnerability":"VCID-u99k-qgku-4fcu"},{"vulnerability":"VCID-v3nv-nce7-myh7"},{"vulnerability":"VCID-ypj9-j6na-bycz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92615?format=json","purl":"pkg:deb/debian/dcmtk@3.6.9-5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"},{"vulnerability":"VCID-u99k-qgku-4fcu"},{"vulnerability":"VCID-v3nv-nce7-myh7"},{"vulnerability":"VCID-ypj9-j6na-bycz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92613?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92614?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/304754?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1168172?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie"}],"aliases":["CVE-2022-2119"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-huy7-d71z-5fha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65922?format=json","vulnerability_id":"VCID-hvkg-fgjj-hkdd","summary":"A buffer overflow in DCMTK git master v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DCM file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-25472.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-25472.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-25472","reference_id":"","reference_type":"","scores":[{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44475","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44519","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44498","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44463","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44511","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-25472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25472"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2346419","reference_id":"2346419","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2346419"},{"reference_url":"https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=410ffe2019b9db6a8f4036daac742a6f5e4d36c2","reference_id":"?p=dcmtk.git;a=commit;h=410ffe2019b9db6a8f4036daac742a6f5e4d36c2","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-20T20:59:55Z/"}],"url":"https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=410ffe2019b9db6a8f4036daac742a6f5e4d36c2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/92612?format=json","purl":"pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92625?format=json","purl":"pkg:deb/debian/dcmtk@3.6.5-1%2Bdeb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92610?format=json","purl":"pkg:deb/debian/dcmtk@3.6.7-9~deb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-p7j3-gsyg-3uh8"},{"vulnerability":"VCID-py9d-avfb-vbch"},{"vulnerability":"VCID-rbf5-ppzg-13gw"},{"vulnerability":"VCID-u99k-qgku-4fcu"},{"vulnerability":"VCID-v3nv-nce7-myh7"},{"vulnerability":"VCID-ypj9-j6na-bycz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92639?format=json","purl":"pkg:deb/debian/dcmtk@3.6.9-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92615?format=json","purl":"pkg:deb/debian/dcmtk@3.6.9-5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"},{"vulnerability":"VCID-u99k-qgku-4fcu"},{"vulnerability":"VCID-v3nv-nce7-myh7"},{"vulnerability":"VCID-ypj9-j6na-bycz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92613?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92614?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/304754?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1168172?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie"}],"aliases":["CVE-2025-25472"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hvkg-fgjj-hkdd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65895?format=json","vulnerability_id":"VCID-jgdz-9189-r7g5","summary":"A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. Upgrading to version 3.6.6 is sufficient to fix this issue. The identifier of the patch is 0fef9f02e. It is recommended to upgrade the affected component.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36855","reference_id":"","reference_type":"","scores":[{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10644","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10687","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10712","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10674","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10591","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10612","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36855"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36855","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36855"},{"reference_url":"https://vuldb.com/?ctiid.329028","reference_id":"?ctiid.329028","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-21T15:23:22Z/"}],"url":"https://vuldb.com/?ctiid.329028"},{"reference_url":"https://vuldb.com/?id.329028","reference_id":"?id.329028","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-21T15:23:22Z/"}],"url":"https://vuldb.com/?id.329028"},{"reference_url":"https://shimo.im/docs/rp3OMVMDPKtjn0km/","reference_id":"rp3OMVMDPKtjn0km","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-21T15:23:22Z/"}],"url":"https://shimo.im/docs/rp3OMVMDPKtjn0km/"},{"reference_url":"https://vuldb.com/?submit.673137","reference_id":"?submit.673137","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-21T15:23:22Z/"}],"url":"https://vuldb.com/?submit.673137"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/92612?format=json","purl":"pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92620?format=json","purl":"pkg:deb/debian/dcmtk@3.6.5-1%2Bdeb11u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%252Bdeb11u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92619?format=json","purl":"pkg:deb/debian/dcmtk@3.6.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92610?format=json","purl":"pkg:deb/debian/dcmtk@3.6.7-9~deb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-p7j3-gsyg-3uh8"},{"vulnerability":"VCID-py9d-avfb-vbch"},{"vulnerability":"VCID-rbf5-ppzg-13gw"},{"vulnerability":"VCID-u99k-qgku-4fcu"},{"vulnerability":"VCID-v3nv-nce7-myh7"},{"vulnerability":"VCID-ypj9-j6na-bycz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92615?format=json","purl":"pkg:deb/debian/dcmtk@3.6.9-5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"},{"vulnerability":"VCID-u99k-qgku-4fcu"},{"vulnerability":"VCID-v3nv-nce7-myh7"},{"vulnerability":"VCID-ypj9-j6na-bycz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92613?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92614?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/304754?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1168172?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie"}],"aliases":["CVE-2020-36855"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jgdz-9189-r7g5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65910?format=json","vulnerability_id":"VCID-k69v-pkc8-kqbj","summary":"Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an attacker to execute arbitrary code via the EctEnhancedCT method component.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27628","reference_id":"","reference_type":"","scores":[{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.82041","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.8203","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.82031","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.82033","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.82026","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27628"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074483","reference_id":"1074483","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074483"},{"reference_url":"https://support.dcmtk.org/redmine/issues/1108","reference_id":"1108","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-09T18:15:11Z/"}],"url":"https://support.dcmtk.org/redmine/issues/1108"},{"reference_url":"https://github.com/DCMTK/dcmtk/commit/ec52e99e1e33fc39810560421c0833b02da567b3","reference_id":"ec52e99e1e33fc39810560421c0833b02da567b3","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-09T18:15:11Z/"}],"url":"https://github.com/DCMTK/dcmtk/commit/ec52e99e1e33fc39810560421c0833b02da567b3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/92629?format=json","purl":"pkg:deb/debian/dcmtk@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92612?format=json","purl":"pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92628?format=json","purl":"pkg:deb/debian/dcmtk@3.6.7-9~deb12u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92610?format=json","purl":"pkg:deb/debian/dcmtk@3.6.7-9~deb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-p7j3-gsyg-3uh8"},{"vulnerability":"VCID-py9d-avfb-vbch"},{"vulnerability":"VCID-rbf5-ppzg-13gw"},{"vulnerability":"VCID-u99k-qgku-4fcu"},{"vulnerability":"VCID-v3nv-nce7-myh7"},{"vulnerability":"VCID-ypj9-j6na-bycz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92630?format=json","purl":"pkg:deb/debian/dcmtk@3.6.8-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.8-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92615?format=json","purl":"pkg:deb/debian/dcmtk@3.6.9-5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"},{"vulnerability":"VCID-u99k-qgku-4fcu"},{"vulnerability":"VCID-v3nv-nce7-myh7"},{"vulnerability":"VCID-ypj9-j6na-bycz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92613?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92614?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/304754?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1168172?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie"}],"aliases":["CVE-2024-27628"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k69v-pkc8-kqbj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65911?format=json","vulnerability_id":"VCID-kdkg-938z-jken","summary":"An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28130","reference_id":"","reference_type":"","scores":[{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.3397","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34014","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.33981","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.33948","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28130"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28130","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28130"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070207","reference_id":"1070207","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070207"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html","reference_id":"msg00022.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T16:15:20Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2024-1957","reference_id":"TALOS-2024-1957","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T16:15:20Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2024-1957"},{"reference_url":"https://usn.ubuntu.com/7010-1/","reference_id":"USN-7010-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7010-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/92612?format=json","purl":"pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92622?format=json","purl":"pkg:deb/debian/dcmtk@3.6.5-1%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92610?format=json","purl":"pkg:deb/debian/dcmtk@3.6.7-9~deb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-p7j3-gsyg-3uh8"},{"vulnerability":"VCID-py9d-avfb-vbch"},{"vulnerability":"VCID-rbf5-ppzg-13gw"},{"vulnerability":"VCID-u99k-qgku-4fcu"},{"vulnerability":"VCID-v3nv-nce7-myh7"},{"vulnerability":"VCID-ypj9-j6na-bycz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92631?format=json","purl":"pkg:deb/debian/dcmtk@3.6.7-14?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-14%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92615?format=json","purl":"pkg:deb/debian/dcmtk@3.6.9-5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"},{"vulnerability":"VCID-u99k-qgku-4fcu"},{"vulnerability":"VCID-v3nv-nce7-myh7"},{"vulnerability":"VCID-ypj9-j6na-bycz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92613?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92614?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/304754?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1168172?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie"}],"aliases":["CVE-2024-28130"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kdkg-938z-jken"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65914?format=json","vulnerability_id":"VCID-kv67-5977-rbau","summary":"dcmnet in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34508","reference_id":"","reference_type":"","scores":[{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21393","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21338","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21329","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21454","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21439","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34508"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34508","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34508"},{"reference_url":"https://support.dcmtk.org/redmine/issues/1114","reference_id":"1114","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-28T16:05:58Z/"}],"url":"https://support.dcmtk.org/redmine/issues/1114"},{"reference_url":"https://github.com/DCMTK/dcmtk/commit/c78e434c0c5f9d932874f0b17a8b4ce305ca01f5","reference_id":"c78e434c0c5f9d932874f0b17a8b4ce305ca01f5","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-28T16:05:58Z/"}],"url":"https://github.com/DCMTK/dcmtk/commit/c78e434c0c5f9d932874f0b17a8b4ce305ca01f5"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html","reference_id":"msg00022.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-28T16:05:58Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html"},{"reference_url":"https://usn.ubuntu.com/7010-1/","reference_id":"USN-7010-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7010-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/92612?format=json","purl":"pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92622?format=json","purl":"pkg:deb/debian/dcmtk@3.6.5-1%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92628?format=json","purl":"pkg:deb/debian/dcmtk@3.6.7-9~deb12u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92610?format=json","purl":"pkg:deb/debian/dcmtk@3.6.7-9~deb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-p7j3-gsyg-3uh8"},{"vulnerability":"VCID-py9d-avfb-vbch"},{"vulnerability":"VCID-rbf5-ppzg-13gw"},{"vulnerability":"VCID-u99k-qgku-4fcu"},{"vulnerability":"VCID-v3nv-nce7-myh7"},{"vulnerability":"VCID-ypj9-j6na-bycz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92631?format=json","purl":"pkg:deb/debian/dcmtk@3.6.7-14?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-14%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92615?format=json","purl":"pkg:deb/debian/dcmtk@3.6.9-5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"},{"vulnerability":"VCID-u99k-qgku-4fcu"},{"vulnerability":"VCID-v3nv-nce7-myh7"},{"vulnerability":"VCID-ypj9-j6na-bycz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92613?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92614?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/304754?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1168172?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie"}],"aliases":["CVE-2024-34508"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kv67-5977-rbau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65916?format=json","vulnerability_id":"VCID-nr5e-9e1n-67fn","summary":"An improper array index validation vulnerability exists in the nowindow functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47796","reference_id":"","reference_type":"","scores":[{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23672","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23782","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23767","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23721","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23666","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47796"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47796"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093043","reference_id":"1093043","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093043"},{"reference_url":"https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=89a6e399f1e17d08a8bc8cdaa05b2ac9a50cd4f6","reference_id":"?p=dcmtk.git;a=commit;h=89a6e399f1e17d08a8bc8cdaa05b2ac9a50cd4f6","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-13T14:43:15Z/"}],"url":"https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=89a6e399f1e17d08a8bc8cdaa05b2ac9a50cd4f6"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2024-2122","reference_id":"TALOS-2024-2122","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-13T14:43:15Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2024-2122"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/92612?format=json","purl":"pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92625?format=json","purl":"pkg:deb/debian/dcmtk@3.6.5-1%2Bdeb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92628?format=json","purl":"pkg:deb/debian/dcmtk@3.6.7-9~deb12u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92610?format=json","purl":"pkg:deb/debian/dcmtk@3.6.7-9~deb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-p7j3-gsyg-3uh8"},{"vulnerability":"VCID-py9d-avfb-vbch"},{"vulnerability":"VCID-rbf5-ppzg-13gw"},{"vulnerability":"VCID-u99k-qgku-4fcu"},{"vulnerability":"VCID-v3nv-nce7-myh7"},{"vulnerability":"VCID-ypj9-j6na-bycz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92632?format=json","purl":"pkg:deb/debian/dcmtk@3.6.8-7?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.8-7%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92615?format=json","purl":"pkg:deb/debian/dcmtk@3.6.9-5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"},{"vulnerability":"VCID-u99k-qgku-4fcu"},{"vulnerability":"VCID-v3nv-nce7-myh7"},{"vulnerability":"VCID-ypj9-j6na-bycz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92613?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92614?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/304754?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1168172?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie"}],"aliases":["CVE-2024-47796"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nr5e-9e1n-67fn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65898?format=json","vulnerability_id":"VCID-rg36-aatr-u3az","summary":"DCMTK through 3.6.6 does not handle string copy properly. Sending specific requests to the dcmqrdb program, it would query its database and copy the result even if the result is null, which can incur a head-based overflow. An attacker can use it to launch a DoS attack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41689","reference_id":"","reference_type":"","scores":[{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.28961","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29031","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.28997","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.28962","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.28928","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.28938","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41689"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41689","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41689"},{"reference_url":"https://github.com/DCMTK/dcmtk","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-17T19:48:58Z/"}],"url":"https://github.com/DCMTK/dcmtk"},{"reference_url":"https://github.com/DCMTK/dcmtk/commit/5c14bf53fb42ceca12bbcc0016e8704b1580920d","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-17T19:48:58Z/"}],"url":"https://github.com/DCMTK/dcmtk/commit/5c14bf53fb42ceca12bbcc0016e8704b1580920d"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41689","reference_id":"CVE-2021-41689","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41689"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html","reference_id":"msg00022.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-17T19:48:58Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html"},{"reference_url":"https://usn.ubuntu.com/5882-1/","reference_id":"USN-5882-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5882-1/"},{"reference_url":"https://usn.ubuntu.com/7010-1/","reference_id":"USN-7010-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7010-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/92612?format=json","purl":"pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92622?format=json","purl":"pkg:deb/debian/dcmtk@3.6.5-1%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92621?format=json","purl":"pkg:deb/debian/dcmtk@3.6.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92610?format=json","purl":"pkg:deb/debian/dcmtk@3.6.7-9~deb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-p7j3-gsyg-3uh8"},{"vulnerability":"VCID-py9d-avfb-vbch"},{"vulnerability":"VCID-rbf5-ppzg-13gw"},{"vulnerability":"VCID-u99k-qgku-4fcu"},{"vulnerability":"VCID-v3nv-nce7-myh7"},{"vulnerability":"VCID-ypj9-j6na-bycz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92615?format=json","purl":"pkg:deb/debian/dcmtk@3.6.9-5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"},{"vulnerability":"VCID-u99k-qgku-4fcu"},{"vulnerability":"VCID-v3nv-nce7-myh7"},{"vulnerability":"VCID-ypj9-j6na-bycz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92613?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92614?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/304754?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1168172?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie"}],"aliases":["CVE-2021-41689"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rg36-aatr-u3az"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65904?format=json","vulnerability_id":"VCID-seqk-w718-mugp","summary":"OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2120","reference_id":"","reference_type":"","scores":[{"value":"0.05677","scoring_system":"epss","scoring_elements":"0.90579","published_at":"2026-06-09T12:55:00Z"},{"value":"0.05677","scoring_system":"epss","scoring_elements":"0.90562","published_at":"2026-06-08T12:55:00Z"},{"value":"0.05677","scoring_system":"epss","scoring_elements":"0.90551","published_at":"2026-06-04T12:55:00Z"},{"value":"0.05677","scoring_system":"epss","scoring_elements":"0.90565","published_at":"2026-06-05T12:55:00Z"},{"value":"0.05677","scoring_system":"epss","scoring_elements":"0.90566","published_at":"2026-06-06T12:55:00Z"},{"value":"0.05677","scoring_system":"epss","scoring_elements":"0.90563","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2120"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2120","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2120"},{"reference_url":"https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T17:28:32Z/"}],"url":"https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017743","reference_id":"1017743","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017743"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2120","reference_id":"CVE-2022-2120","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2120"},{"reference_url":"https://usn.ubuntu.com/5882-1/","reference_id":"USN-5882-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5882-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/92612?format=json","purl":"pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92625?format=json","purl":"pkg:deb/debian/dcmtk@3.6.5-1%2Bdeb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92624?format=json","purl":"pkg:deb/debian/dcmtk@3.6.7-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92610?format=json","purl":"pkg:deb/debian/dcmtk@3.6.7-9~deb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-p7j3-gsyg-3uh8"},{"vulnerability":"VCID-py9d-avfb-vbch"},{"vulnerability":"VCID-rbf5-ppzg-13gw"},{"vulnerability":"VCID-u99k-qgku-4fcu"},{"vulnerability":"VCID-v3nv-nce7-myh7"},{"vulnerability":"VCID-ypj9-j6na-bycz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92615?format=json","purl":"pkg:deb/debian/dcmtk@3.6.9-5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"},{"vulnerability":"VCID-u99k-qgku-4fcu"},{"vulnerability":"VCID-v3nv-nce7-myh7"},{"vulnerability":"VCID-ypj9-j6na-bycz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92613?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92614?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/304754?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1168172?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie"}],"aliases":["CVE-2022-2120"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-seqk-w718-mugp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65897?format=json","vulnerability_id":"VCID-ute2-fk4x-kub7","summary":"DCMTK through 3.6.6 does not handle memory free properly. The object in the program is free but its address is still used in other locations. Sending specific requests to the dcmqrdb program will incur a double free. An attacker can use it to launch a DoS attack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41688","reference_id":"","reference_type":"","scores":[{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33801","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33809","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33776","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33722","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33828","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33843","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41688"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41688","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41688"},{"reference_url":"https://github.com/DCMTK/dcmtk","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-03T13:47:23Z/"}],"url":"https://github.com/DCMTK/dcmtk"},{"reference_url":"https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-03T13:47:23Z/"}],"url":"https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41688","reference_id":"CVE-2021-41688","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41688"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html","reference_id":"msg00022.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-03T13:47:23Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html"},{"reference_url":"https://usn.ubuntu.com/5882-1/","reference_id":"USN-5882-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5882-1/"},{"reference_url":"https://usn.ubuntu.com/7010-1/","reference_id":"USN-7010-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7010-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/92612?format=json","purl":"pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92622?format=json","purl":"pkg:deb/debian/dcmtk@3.6.5-1%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92621?format=json","purl":"pkg:deb/debian/dcmtk@3.6.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92610?format=json","purl":"pkg:deb/debian/dcmtk@3.6.7-9~deb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-p7j3-gsyg-3uh8"},{"vulnerability":"VCID-py9d-avfb-vbch"},{"vulnerability":"VCID-rbf5-ppzg-13gw"},{"vulnerability":"VCID-u99k-qgku-4fcu"},{"vulnerability":"VCID-v3nv-nce7-myh7"},{"vulnerability":"VCID-ypj9-j6na-bycz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92615?format=json","purl":"pkg:deb/debian/dcmtk@3.6.9-5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"},{"vulnerability":"VCID-u99k-qgku-4fcu"},{"vulnerability":"VCID-v3nv-nce7-myh7"},{"vulnerability":"VCID-ypj9-j6na-bycz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92613?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92614?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/304754?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1168172?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie"}],"aliases":["CVE-2021-41688"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ute2-fk4x-kub7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65915?format=json","vulnerability_id":"VCID-wv2q-gdbr-dqen","summary":"dcmdata in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34509","reference_id":"","reference_type":"","scores":[{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29491","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29529","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33185","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33172","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33152","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34509"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34509","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34509"},{"reference_url":"https://support.dcmtk.org/redmine/issues/1114","reference_id":"1114","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-14T18:40:37Z/"}],"url":"https://support.dcmtk.org/redmine/issues/1114"},{"reference_url":"https://github.com/DCMTK/dcmtk/commit/c78e434c0c5f9d932874f0b17a8b4ce305ca01f5","reference_id":"c78e434c0c5f9d932874f0b17a8b4ce305ca01f5","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-14T18:40:37Z/"}],"url":"https://github.com/DCMTK/dcmtk/commit/c78e434c0c5f9d932874f0b17a8b4ce305ca01f5"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html","reference_id":"msg00022.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-14T18:40:37Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html"},{"reference_url":"https://usn.ubuntu.com/7010-1/","reference_id":"USN-7010-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7010-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/92612?format=json","purl":"pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92622?format=json","purl":"pkg:deb/debian/dcmtk@3.6.5-1%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92628?format=json","purl":"pkg:deb/debian/dcmtk@3.6.7-9~deb12u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92610?format=json","purl":"pkg:deb/debian/dcmtk@3.6.7-9~deb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-p7j3-gsyg-3uh8"},{"vulnerability":"VCID-py9d-avfb-vbch"},{"vulnerability":"VCID-rbf5-ppzg-13gw"},{"vulnerability":"VCID-u99k-qgku-4fcu"},{"vulnerability":"VCID-v3nv-nce7-myh7"},{"vulnerability":"VCID-ypj9-j6na-bycz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92631?format=json","purl":"pkg:deb/debian/dcmtk@3.6.7-14?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-14%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92615?format=json","purl":"pkg:deb/debian/dcmtk@3.6.9-5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"},{"vulnerability":"VCID-u99k-qgku-4fcu"},{"vulnerability":"VCID-v3nv-nce7-myh7"},{"vulnerability":"VCID-ypj9-j6na-bycz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92613?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92614?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/304754?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1168172?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie"}],"aliases":["CVE-2024-34509"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wv2q-gdbr-dqen"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65900?format=json","vulnerability_id":"VCID-xhva-rhyr-qug8","summary":"DCMTK through 3.6.6 does not handle memory free properly. The malloced memory for storing all file information are recorded in a global variable LST and are not freed properly. Sending specific requests to the dcmqrdb program can incur a memory leak. An attacker can use it to launch a DoS attack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41690","reference_id":"","reference_type":"","scores":[{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33801","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33809","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33776","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33722","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33828","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33843","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41690","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41690"},{"reference_url":"https://github.com/DCMTK/dcmtk","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-09T18:13:18Z/"}],"url":"https://github.com/DCMTK/dcmtk"},{"reference_url":"https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-09T18:13:18Z/"}],"url":"https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41690","reference_id":"CVE-2021-41690","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41690"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html","reference_id":"msg00022.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-09T18:13:18Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html"},{"reference_url":"https://usn.ubuntu.com/5882-1/","reference_id":"USN-5882-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5882-1/"},{"reference_url":"https://usn.ubuntu.com/7010-1/","reference_id":"USN-7010-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7010-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/92612?format=json","purl":"pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92622?format=json","purl":"pkg:deb/debian/dcmtk@3.6.5-1%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92621?format=json","purl":"pkg:deb/debian/dcmtk@3.6.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92610?format=json","purl":"pkg:deb/debian/dcmtk@3.6.7-9~deb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-p7j3-gsyg-3uh8"},{"vulnerability":"VCID-py9d-avfb-vbch"},{"vulnerability":"VCID-rbf5-ppzg-13gw"},{"vulnerability":"VCID-u99k-qgku-4fcu"},{"vulnerability":"VCID-v3nv-nce7-myh7"},{"vulnerability":"VCID-ypj9-j6na-bycz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92615?format=json","purl":"pkg:deb/debian/dcmtk@3.6.9-5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"},{"vulnerability":"VCID-u99k-qgku-4fcu"},{"vulnerability":"VCID-v3nv-nce7-myh7"},{"vulnerability":"VCID-ypj9-j6na-bycz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92613?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ntd-3yfn-uygy"},{"vulnerability":"VCID-py9d-avfb-vbch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92614?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/304754?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1168172?format=json","purl":"pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie"}],"aliases":["CVE-2021-41690"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xhva-rhyr-qug8"}],"risk_score":"3.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u3%3Fdistro=trixie"}