Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/92612?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/92612?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie", "type": "deb", "namespace": "debian", "name": "dcmtk", "version": "3.6.5-1", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.6.5-1+deb11u1", "latest_non_vulnerable_version": "3.7.0+really3.7.0-5", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65927?format=api", "vulnerability_id": "VCID-7ntd-3yfn-uygy", "summary": "A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnReception/executeOnEndOfStudy of the file dcmnet/apps/storescp.cc of the component storescp. Performing a manipulation results in os command injection. Remote exploitation of the attack is possible. The patch is named edbb085e45788dccaf0e64d71534cfca925784b8. Applying a patch is the recommended action to fix this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-5663", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60501", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60491", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60476", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60493", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60504", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-5663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5663" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133001", "reference_id": "1133001", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133001" }, { "reference_url": "https://support.dcmtk.org/redmine/issues/1194", "reference_id": "1194", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:OF/RC:C" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T14:05:40Z/" } ], "url": "https://support.dcmtk.org/redmine/issues/1194" }, { "reference_url": "https://machinespirits.com/advisory/2e1627/", "reference_id": "2e1627", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:OF/RC:C" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T14:05:40Z/" } ], "url": "https://machinespirits.com/advisory/2e1627/" }, { "reference_url": "https://vuldb.com/vuln/355486", "reference_id": "355486", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:OF/RC:C" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T14:05:40Z/" } ], "url": "https://vuldb.com/vuln/355486" }, { "reference_url": "https://vuldb.com/submit/786061", "reference_id": "786061", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:OF/RC:C" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T14:05:40Z/" } ], "url": "https://vuldb.com/submit/786061" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:offis:dcmtk:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:offis:dcmtk:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:offis:dcmtk:*:*:*:*:*:*:*:*" }, { "reference_url": "https://vuldb.com/vuln/355486/cti", "reference_id": "cti", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:OF/RC:C" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T14:05:40Z/" } ], "url": "https://vuldb.com/vuln/355486/cti" }, { "reference_url": "https://github.com/DCMTK/dcmtk/commit/edbb085e45788dccaf0e64d71534cfca925784b8", "reference_id": "edbb085e45788dccaf0e64d71534cfca925784b8", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:OF/RC:C" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T14:05:40Z/" } ], "url": "https://github.com/DCMTK/dcmtk/commit/edbb085e45788dccaf0e64d71534cfca925784b8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/92614?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304754?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1168172?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-5663" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7ntd-3yfn-uygy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65926?format=api", "vulnerability_id": "VCID-py9d-avfb-vbch", "summary": "A weakness has been identified in OFFIS DCMTK 3.7.0. This affects the function DcmQueryRetrieveIndexDatabaseHandle::deleteOldestImages of the file dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. Executing a manipulation can lead to heap-based buffer overflow. The attack may be launched remotely. This patch is called 0f78a4ef6f645ea5530166e445e5436a5de58e75. A patch should be applied to remediate this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-10194", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13883", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15608", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.1559", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15674", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15714", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-10194" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-10194", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-10194" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1139181", "reference_id": "1139181", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1139181" }, { "reference_url": "https://vuldb.com/vuln/367475", "reference_id": "367475", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C" }, { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-03T18:01:56Z/" } ], "url": "https://vuldb.com/vuln/367475" }, { "reference_url": "https://vuldb.com/submit/821029", "reference_id": "821029", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C" }, { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-03T18:01:56Z/" } ], "url": "https://vuldb.com/submit/821029" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:offis:dcmtk:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:offis:dcmtk:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:offis:dcmtk:*:*:*:*:*:*:*:*" }, { "reference_url": "https://vuldb.com/vuln/367475/cti", "reference_id": "cti", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C" }, { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-03T18:01:56Z/" } ], "url": "https://vuldb.com/vuln/367475/cti" }, { "reference_url": "https://vuldb.com/cve/CVE-2026-10194", "reference_id": "CVE-2026-10194", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C" }, { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-03T18:01:56Z/" } ], "url": "https://vuldb.com/cve/CVE-2026-10194" }, { "reference_url": "https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=0f78a4ef6f645ea5530166e445e5436a5de58e75", "reference_id": "?p=dcmtk.git;a=commit;h=0f78a4ef6f645ea5530166e445e5436a5de58e75", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C" }, { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-03T18:01:56Z/" } ], "url": "https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=0f78a4ef6f645ea5530166e445e5436a5de58e75" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1168172?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-10194" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-py9d-avfb-vbch" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65906?format=api", "vulnerability_id": "VCID-1xpy-jfzq-sba4", "summary": "OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-of-service condition.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2121", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20524", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20627", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20584", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20516", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20566", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20639", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2121" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2121", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2121" }, { "reference_url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T20:06:15Z/" } ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014044", "reference_id": "1014044", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014044" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2121", "reference_id": "CVE-2022-2121", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2121" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html", "reference_id": "msg00022.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T20:06:15Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html" }, { "reference_url": "https://usn.ubuntu.com/5882-1/", "reference_id": "USN-5882-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5882-1/" }, { "reference_url": "https://usn.ubuntu.com/7010-1/", "reference_id": "USN-7010-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7010-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/92612?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92622?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92621?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.7-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92610?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.7-9~deb12u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-p7j3-gsyg-3uh8" }, { "vulnerability": "VCID-py9d-avfb-vbch" }, { "vulnerability": "VCID-rbf5-ppzg-13gw" }, { "vulnerability": "VCID-u99k-qgku-4fcu" }, { "vulnerability": "VCID-v3nv-nce7-myh7" }, { "vulnerability": "VCID-ypj9-j6na-bycz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92615?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.9-5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" }, { "vulnerability": "VCID-u99k-qgku-4fcu" }, { "vulnerability": "VCID-v3nv-nce7-myh7" }, { "vulnerability": "VCID-ypj9-j6na-bycz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92613?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92614?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304754?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1168172?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-2121" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1xpy-jfzq-sba4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65908?format=api", "vulnerability_id": "VCID-2eqr-hjd8-aqd4", "summary": "DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43272", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.36687", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.36779", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.36787", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.36752", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.36714", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.36726", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43272" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43272", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43272" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/songxpu/bug_report/tree/master/DCMTK/memory_leak_in_3.6.7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-02T16:53:28Z/" } ], "url": "https://github.com/songxpu/bug_report/tree/master/DCMTK/memory_leak_in_3.6.7" }, { "reference_url": "https://www.wolai.com/vaVuMxU4gGqFakbzvc9NYw", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-02T16:53:28Z/" } ], "url": "https://www.wolai.com/vaVuMxU4gGqFakbzvc9NYw" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027165", "reference_id": "1027165", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027165" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4HROBSUUV2LZCYUNODI2YM7G7AYYO75B/", "reference_id": "4HROBSUUV2LZCYUNODI2YM7G7AYYO75B", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-02T16:53:28Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4HROBSUUV2LZCYUNODI2YM7G7AYYO75B/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43272", "reference_id": "CVE-2022-43272", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43272" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html", "reference_id": "msg00022.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-02T16:53:28Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R3QG7MSHORLYAHDXMYG6FQKU4GOCRBCR/", "reference_id": "R3QG7MSHORLYAHDXMYG6FQKU4GOCRBCR", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-02T16:53:28Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R3QG7MSHORLYAHDXMYG6FQKU4GOCRBCR/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UMQ2USESKF6OAZAH64OFHNK2HJIJVGPP/", "reference_id": "UMQ2USESKF6OAZAH64OFHNK2HJIJVGPP", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-02T16:53:28Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UMQ2USESKF6OAZAH64OFHNK2HJIJVGPP/" }, { "reference_url": "https://usn.ubuntu.com/5882-1/", "reference_id": "USN-5882-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5882-1/" }, { "reference_url": "https://usn.ubuntu.com/7010-1/", "reference_id": "USN-7010-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7010-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/92612?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92622?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92626?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.7-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-8%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92610?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.7-9~deb12u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-p7j3-gsyg-3uh8" }, { "vulnerability": "VCID-py9d-avfb-vbch" }, { "vulnerability": "VCID-rbf5-ppzg-13gw" }, { "vulnerability": "VCID-u99k-qgku-4fcu" }, { "vulnerability": "VCID-v3nv-nce7-myh7" }, { "vulnerability": "VCID-ypj9-j6na-bycz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92615?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.9-5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" }, { "vulnerability": "VCID-u99k-qgku-4fcu" }, { "vulnerability": "VCID-v3nv-nce7-myh7" }, { "vulnerability": "VCID-ypj9-j6na-bycz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92613?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92614?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304754?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1168172?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-43272" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2eqr-hjd8-aqd4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65893?format=api", "vulnerability_id": "VCID-3pv8-3pap-9ubz", "summary": "Stack-based buffer overflow in the parsePresentationContext function in storescp in DICOM dcmtk-3.6.0 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a long string sent to TCP port 4242.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8979", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0339", "scoring_system": "epss", "scoring_elements": "0.87617", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0339", "scoring_system": "epss", "scoring_elements": "0.87639", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0339", "scoring_system": "epss", "scoring_elements": "0.8764", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0339", "scoring_system": "epss", "scoring_elements": "0.87638", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0339", "scoring_system": "epss", "scoring_elements": "0.87651", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8979" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8979", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8979" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848830", "reference_id": "848830", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848830" }, { "reference_url": "https://usn.ubuntu.com/5882-1/", "reference_id": "USN-5882-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5882-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/92616?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.1~20160216-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.1~20160216-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92612?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92610?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.7-9~deb12u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-p7j3-gsyg-3uh8" }, { "vulnerability": "VCID-py9d-avfb-vbch" }, { "vulnerability": "VCID-rbf5-ppzg-13gw" }, { "vulnerability": "VCID-u99k-qgku-4fcu" }, { "vulnerability": "VCID-v3nv-nce7-myh7" }, { "vulnerability": "VCID-ypj9-j6na-bycz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92615?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.9-5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" }, { "vulnerability": "VCID-u99k-qgku-4fcu" }, { "vulnerability": "VCID-v3nv-nce7-myh7" }, { "vulnerability": "VCID-ypj9-j6na-bycz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92613?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92614?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304754?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1168172?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-8979" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3pv8-3pap-9ubz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65924?format=api", "vulnerability_id": "VCID-7amp-kxbd-auga", "summary": "A NULL pointer dereference in the component /libsrc/dcrleccd.cc of DCMTK v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DICOM file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-25475.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-25475.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-25475", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42033", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42077", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42087", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.4206", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42025", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-25475" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25475", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25475" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098373", "reference_id": "1098373", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098373" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346417", "reference_id": "2346417", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346417" }, { "reference_url": "https://github.com/DCMTK/dcmtk/commit/bffa3e9116abb7038b432443f16b1bd390e80245", "reference_id": "bffa3e9116abb7038b432443f16b1bd390e80245", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-20T21:07:26Z/" } ], "url": "https://github.com/DCMTK/dcmtk/commit/bffa3e9116abb7038b432443f16b1bd390e80245" }, { "reference_url": "https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=bffa3e9116abb7038b432443f16b1bd390e80245", "reference_id": "?p=dcmtk.git;a=commit;h=bffa3e9116abb7038b432443f16b1bd390e80245", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-20T21:07:26Z/" } ], "url": "https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=bffa3e9116abb7038b432443f16b1bd390e80245" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/92612?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92625?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1%2Bdeb11u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92610?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.7-9~deb12u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-p7j3-gsyg-3uh8" }, { "vulnerability": "VCID-py9d-avfb-vbch" }, { "vulnerability": "VCID-rbf5-ppzg-13gw" }, { "vulnerability": "VCID-u99k-qgku-4fcu" }, { "vulnerability": "VCID-v3nv-nce7-myh7" }, { "vulnerability": "VCID-ypj9-j6na-bycz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92639?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.9-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92615?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.9-5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" }, { "vulnerability": "VCID-u99k-qgku-4fcu" }, { "vulnerability": "VCID-v3nv-nce7-myh7" }, { "vulnerability": "VCID-ypj9-j6na-bycz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92613?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92614?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304754?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1168172?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-25475" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7amp-kxbd-auga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65892?format=api", "vulnerability_id": "VCID-7v7d-h167-kbb7", "summary": "(1) movescu.cc and (2) storescp.cc in dcmnet/apps/, (3) dcmnet/libsrc/scp.cc, (4) dcmwlm/libsrc/wlmactmg.cc, (5) dcmprscp.cc and (6) dcmpsrcv.cc in dcmpstat/apps/, (7) dcmpstat/tests/msgserv.cc, and (8) dcmqrdb/apps/dcmqrscp.cc in DCMTK 3.6.1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by creating a large number of processes.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6825", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29373", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29441", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29406", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29372", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29338", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29351", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6825" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6825", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6825" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/92611?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.1~20150629-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.1~20150629-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92612?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92610?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.7-9~deb12u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-p7j3-gsyg-3uh8" }, { "vulnerability": "VCID-py9d-avfb-vbch" }, { "vulnerability": "VCID-rbf5-ppzg-13gw" }, { "vulnerability": "VCID-u99k-qgku-4fcu" }, { "vulnerability": "VCID-v3nv-nce7-myh7" }, { "vulnerability": "VCID-ypj9-j6na-bycz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92615?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.9-5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" }, { "vulnerability": "VCID-u99k-qgku-4fcu" }, { "vulnerability": "VCID-v3nv-nce7-myh7" }, { "vulnerability": "VCID-ypj9-j6na-bycz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92613?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92614?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304754?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1168172?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-6825" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7v7d-h167-kbb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65917?format=api", "vulnerability_id": "VCID-b5ww-xxqe-jkd4", "summary": "An improper array index validation vulnerability exists in the determineMinMax functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-52333", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27282", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27414", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27364", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27324", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27273", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-52333" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52333" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093047", "reference_id": "1093047", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093047" }, { "reference_url": "https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=03e851b0586d05057c3268988e180ffb426b2e03", "reference_id": "?p=dcmtk.git;a=commit;h=03e851b0586d05057c3268988e180ffb426b2e03", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-13T14:40:23Z/" } ], "url": "https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=03e851b0586d05057c3268988e180ffb426b2e03" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2121", "reference_id": "TALOS-2024-2121", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-13T14:40:23Z/" } ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2121" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/92612?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92622?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92628?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.7-9~deb12u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92610?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.7-9~deb12u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-p7j3-gsyg-3uh8" }, { "vulnerability": "VCID-py9d-avfb-vbch" }, { "vulnerability": "VCID-rbf5-ppzg-13gw" }, { "vulnerability": "VCID-u99k-qgku-4fcu" }, { "vulnerability": "VCID-v3nv-nce7-myh7" }, { "vulnerability": "VCID-ypj9-j6na-bycz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92632?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.8-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.8-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92615?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.9-5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" }, { "vulnerability": "VCID-u99k-qgku-4fcu" }, { "vulnerability": "VCID-v3nv-nce7-myh7" }, { "vulnerability": "VCID-ypj9-j6na-bycz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92613?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92614?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304754?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1168172?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-52333" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b5ww-xxqe-jkd4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65923?format=api", "vulnerability_id": "VCID-bcaq-kyyb-77cw", "summary": "DCMTK v3.6.9+ DEV was discovered to contain a buffer overflow via the component /dcmimgle/diinpxt.h.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-25474.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-25474.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-25474", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43209", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43255", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43234", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43199", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43247", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-25474" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25474" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098374", "reference_id": "1098374", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098374" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346408", "reference_id": "2346408", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346408" }, { "reference_url": "https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=1d205bcd307164c99e0d4bbf412110372658d847", "reference_id": "?p=dcmtk.git;a=commit;h=1d205bcd307164c99e0d4bbf412110372658d847", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-20T21:11:50Z/" } ], "url": "https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=1d205bcd307164c99e0d4bbf412110372658d847" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/92612?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92625?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1%2Bdeb11u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92610?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.7-9~deb12u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-p7j3-gsyg-3uh8" }, { "vulnerability": "VCID-py9d-avfb-vbch" }, { "vulnerability": "VCID-rbf5-ppzg-13gw" }, { "vulnerability": "VCID-u99k-qgku-4fcu" }, { "vulnerability": "VCID-v3nv-nce7-myh7" }, { "vulnerability": "VCID-ypj9-j6na-bycz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92639?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.9-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92615?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.9-5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" }, { "vulnerability": "VCID-u99k-qgku-4fcu" }, { "vulnerability": "VCID-v3nv-nce7-myh7" }, { "vulnerability": "VCID-ypj9-j6na-bycz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92613?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92614?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304754?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1168172?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-25474" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bcaq-kyyb-77cw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65894?format=api", "vulnerability_id": "VCID-dpj5-ppwr-e3hk", "summary": "OFFIS.de DCMTK 3.6.3 and below is affected by: Buffer Overflow. The impact is: Possible code execution and confirmed Denial of Service. The component is: DcmRLEDecoder::decompress() (file dcrledec.h, line 122). The attack vector is: Many scenarios of DICOM file processing (e.g. DICOM to image conversion). The fixed version is: 3.6.4, after commit 40917614e.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-1010228", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00586", "scoring_system": "epss", "scoring_elements": "0.69462", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00586", "scoring_system": "epss", "scoring_elements": "0.69501", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00586", "scoring_system": "epss", "scoring_elements": "0.69509", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00586", "scoring_system": "epss", "scoring_elements": "0.69499", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00586", "scoring_system": "epss", "scoring_elements": "0.69487", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00586", "scoring_system": "epss", "scoring_elements": "0.69507", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-1010228" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010228", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010228" }, { "reference_url": "https://usn.ubuntu.com/5882-1/", "reference_id": "USN-5882-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5882-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/92617?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92612?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92610?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.7-9~deb12u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-p7j3-gsyg-3uh8" }, { "vulnerability": "VCID-py9d-avfb-vbch" }, { "vulnerability": "VCID-rbf5-ppzg-13gw" }, { "vulnerability": "VCID-u99k-qgku-4fcu" }, { "vulnerability": "VCID-v3nv-nce7-myh7" }, { "vulnerability": "VCID-ypj9-j6na-bycz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92615?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.9-5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" }, { "vulnerability": "VCID-u99k-qgku-4fcu" }, { "vulnerability": "VCID-v3nv-nce7-myh7" }, { "vulnerability": "VCID-ypj9-j6na-bycz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92613?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92614?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304754?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1168172?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-1010228" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dpj5-ppwr-e3hk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65896?format=api", "vulnerability_id": "VCID-ftev-322g-4bdy", "summary": "DCMTK through 3.6.6 does not handle memory free properly. The program malloc a heap memory for parsing data, but does not free it when error in parsing. Sending specific requests to the dcmqrdb program incur the memory leak. An attacker can use it to launch a DoS attack.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41687", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00179", "scoring_system": "epss", "scoring_elements": "0.39198", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00179", "scoring_system": "epss", "scoring_elements": "0.39287", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00179", "scoring_system": "epss", "scoring_elements": "0.39292", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00179", "scoring_system": "epss", "scoring_elements": "0.39264", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00179", "scoring_system": "epss", "scoring_elements": "0.39237", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00179", "scoring_system": "epss", "scoring_elements": "0.39249", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41687" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41687", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41687" }, { "reference_url": "https://github.com/DCMTK/dcmtk", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/DCMTK/dcmtk" }, { "reference_url": "https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41687", "reference_id": "CVE-2021-41687", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41687" }, { "reference_url": "https://usn.ubuntu.com/5882-1/", "reference_id": "USN-5882-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5882-1/" }, { "reference_url": "https://usn.ubuntu.com/7010-1/", "reference_id": "USN-7010-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7010-1/" }, { "reference_url": "https://usn.ubuntu.com/7010-2/", "reference_id": "USN-7010-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7010-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/92612?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92622?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92621?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.7-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92610?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.7-9~deb12u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-p7j3-gsyg-3uh8" }, { "vulnerability": "VCID-py9d-avfb-vbch" }, { "vulnerability": "VCID-rbf5-ppzg-13gw" }, { "vulnerability": "VCID-u99k-qgku-4fcu" }, { "vulnerability": "VCID-v3nv-nce7-myh7" }, { "vulnerability": "VCID-ypj9-j6na-bycz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92615?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.9-5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" }, { "vulnerability": "VCID-u99k-qgku-4fcu" }, { "vulnerability": "VCID-v3nv-nce7-myh7" }, { "vulnerability": "VCID-ypj9-j6na-bycz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92613?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92614?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304754?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1168172?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-41687" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ftev-322g-4bdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65901?format=api", "vulnerability_id": "VCID-huy7-d71z-5fha", "summary": "OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2119", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05677", "scoring_system": "epss", "scoring_elements": "0.90579", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.05677", "scoring_system": "epss", "scoring_elements": "0.90562", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.05677", "scoring_system": "epss", "scoring_elements": "0.90551", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05677", "scoring_system": "epss", "scoring_elements": "0.90565", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.05677", "scoring_system": "epss", "scoring_elements": "0.90566", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.05677", "scoring_system": "epss", "scoring_elements": "0.90563", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2119" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2119", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2119" }, { "reference_url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T17:28:29Z/" } ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017743", "reference_id": "1017743", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017743" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2119", "reference_id": "CVE-2022-2119", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2119" }, { "reference_url": "https://usn.ubuntu.com/5882-1/", "reference_id": "USN-5882-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5882-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/92612?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92625?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1%2Bdeb11u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92624?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.7-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92610?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.7-9~deb12u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-p7j3-gsyg-3uh8" }, { "vulnerability": "VCID-py9d-avfb-vbch" }, { "vulnerability": "VCID-rbf5-ppzg-13gw" }, { "vulnerability": "VCID-u99k-qgku-4fcu" }, { "vulnerability": "VCID-v3nv-nce7-myh7" }, { "vulnerability": "VCID-ypj9-j6na-bycz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92615?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.9-5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" }, { "vulnerability": "VCID-u99k-qgku-4fcu" }, { "vulnerability": "VCID-v3nv-nce7-myh7" }, { "vulnerability": "VCID-ypj9-j6na-bycz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92613?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92614?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304754?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1168172?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-2119" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-huy7-d71z-5fha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65922?format=api", "vulnerability_id": "VCID-hvkg-fgjj-hkdd", "summary": "A buffer overflow in DCMTK git master v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DCM file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-25472.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-25472.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-25472", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44475", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44519", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44498", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44463", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44511", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-25472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25472" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346419", "reference_id": "2346419", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346419" }, { "reference_url": "https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=410ffe2019b9db6a8f4036daac742a6f5e4d36c2", "reference_id": "?p=dcmtk.git;a=commit;h=410ffe2019b9db6a8f4036daac742a6f5e4d36c2", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-20T20:59:55Z/" } ], "url": "https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=410ffe2019b9db6a8f4036daac742a6f5e4d36c2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/92612?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92625?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1%2Bdeb11u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92610?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.7-9~deb12u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-p7j3-gsyg-3uh8" }, { "vulnerability": "VCID-py9d-avfb-vbch" }, { "vulnerability": "VCID-rbf5-ppzg-13gw" }, { "vulnerability": "VCID-u99k-qgku-4fcu" }, { "vulnerability": "VCID-v3nv-nce7-myh7" }, { "vulnerability": "VCID-ypj9-j6na-bycz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92639?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.9-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92615?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.9-5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" }, { "vulnerability": "VCID-u99k-qgku-4fcu" }, { "vulnerability": "VCID-v3nv-nce7-myh7" }, { "vulnerability": "VCID-ypj9-j6na-bycz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92613?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92614?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304754?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1168172?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-25472" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hvkg-fgjj-hkdd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65895?format=api", "vulnerability_id": "VCID-jgdz-9189-r7g5", "summary": "A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. Upgrading to version 3.6.6 is sufficient to fix this issue. The identifier of the patch is 0fef9f02e. It is recommended to upgrade the affected component.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36855", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10644", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10687", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10712", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10674", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10591", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10612", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36855" }, { "reference_url": "https://vuldb.com/?ctiid.329028", "reference_id": "?ctiid.329028", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-21T15:23:22Z/" } ], "url": "https://vuldb.com/?ctiid.329028" }, { "reference_url": "https://vuldb.com/?id.329028", "reference_id": "?id.329028", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-21T15:23:22Z/" } ], "url": "https://vuldb.com/?id.329028" }, { "reference_url": "https://shimo.im/docs/rp3OMVMDPKtjn0km/", "reference_id": "rp3OMVMDPKtjn0km", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-21T15:23:22Z/" } ], "url": "https://shimo.im/docs/rp3OMVMDPKtjn0km/" }, { "reference_url": "https://vuldb.com/?submit.673137", "reference_id": "?submit.673137", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-21T15:23:22Z/" } ], "url": "https://vuldb.com/?submit.673137" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/92612?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92620?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1%2Bdeb11u5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92619?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92610?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.7-9~deb12u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-p7j3-gsyg-3uh8" }, { "vulnerability": "VCID-py9d-avfb-vbch" }, { "vulnerability": "VCID-rbf5-ppzg-13gw" }, { "vulnerability": "VCID-u99k-qgku-4fcu" }, { "vulnerability": "VCID-v3nv-nce7-myh7" }, { "vulnerability": "VCID-ypj9-j6na-bycz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92615?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.9-5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" }, { "vulnerability": "VCID-u99k-qgku-4fcu" }, { "vulnerability": "VCID-v3nv-nce7-myh7" }, { "vulnerability": "VCID-ypj9-j6na-bycz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92613?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92614?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304754?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1168172?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-36855" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jgdz-9189-r7g5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65910?format=api", "vulnerability_id": "VCID-k69v-pkc8-kqbj", "summary": "Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an attacker to execute arbitrary code via the EctEnhancedCT method component.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-27628", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01592", "scoring_system": "epss", "scoring_elements": "0.82041", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.01592", "scoring_system": "epss", "scoring_elements": "0.8203", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01592", "scoring_system": "epss", "scoring_elements": "0.82031", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01592", "scoring_system": "epss", "scoring_elements": "0.82033", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01592", "scoring_system": "epss", "scoring_elements": "0.82026", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-27628" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074483", "reference_id": "1074483", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074483" }, { "reference_url": "https://support.dcmtk.org/redmine/issues/1108", "reference_id": "1108", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-09T18:15:11Z/" } ], "url": "https://support.dcmtk.org/redmine/issues/1108" }, { "reference_url": "https://github.com/DCMTK/dcmtk/commit/ec52e99e1e33fc39810560421c0833b02da567b3", "reference_id": "ec52e99e1e33fc39810560421c0833b02da567b3", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-09T18:15:11Z/" } ], "url": "https://github.com/DCMTK/dcmtk/commit/ec52e99e1e33fc39810560421c0833b02da567b3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/92629?format=api", "purl": "pkg:deb/debian/dcmtk@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92612?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92628?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.7-9~deb12u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92610?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.7-9~deb12u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-p7j3-gsyg-3uh8" }, { "vulnerability": "VCID-py9d-avfb-vbch" }, { "vulnerability": "VCID-rbf5-ppzg-13gw" }, { "vulnerability": "VCID-u99k-qgku-4fcu" }, { "vulnerability": "VCID-v3nv-nce7-myh7" }, { "vulnerability": "VCID-ypj9-j6na-bycz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92630?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.8-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.8-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92615?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.9-5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" }, { "vulnerability": "VCID-u99k-qgku-4fcu" }, { "vulnerability": "VCID-v3nv-nce7-myh7" }, { "vulnerability": "VCID-ypj9-j6na-bycz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92613?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92614?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304754?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1168172?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-27628" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k69v-pkc8-kqbj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65911?format=api", "vulnerability_id": "VCID-kdkg-938z-jken", "summary": "An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-28130", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.3397", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34014", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.33981", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.33948", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-28130" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28130", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28130" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070207", "reference_id": "1070207", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070207" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html", "reference_id": "msg00022.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T16:15:20Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1957", "reference_id": "TALOS-2024-1957", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T16:15:20Z/" } ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1957" }, { "reference_url": "https://usn.ubuntu.com/7010-1/", "reference_id": "USN-7010-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7010-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/92612?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92622?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92610?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.7-9~deb12u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-p7j3-gsyg-3uh8" }, { "vulnerability": "VCID-py9d-avfb-vbch" }, { "vulnerability": "VCID-rbf5-ppzg-13gw" }, { "vulnerability": "VCID-u99k-qgku-4fcu" }, { "vulnerability": "VCID-v3nv-nce7-myh7" }, { "vulnerability": "VCID-ypj9-j6na-bycz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92631?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.7-14?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92615?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.9-5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" }, { "vulnerability": "VCID-u99k-qgku-4fcu" }, { "vulnerability": "VCID-v3nv-nce7-myh7" }, { "vulnerability": "VCID-ypj9-j6na-bycz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92613?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92614?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304754?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1168172?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-28130" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kdkg-938z-jken" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65914?format=api", "vulnerability_id": "VCID-kv67-5977-rbau", "summary": "dcmnet in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34508", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21393", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21338", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21329", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21454", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21439", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34508" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34508", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34508" }, { "reference_url": "https://support.dcmtk.org/redmine/issues/1114", "reference_id": "1114", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-28T16:05:58Z/" } ], "url": "https://support.dcmtk.org/redmine/issues/1114" }, { "reference_url": "https://github.com/DCMTK/dcmtk/commit/c78e434c0c5f9d932874f0b17a8b4ce305ca01f5", "reference_id": "c78e434c0c5f9d932874f0b17a8b4ce305ca01f5", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-28T16:05:58Z/" } ], "url": "https://github.com/DCMTK/dcmtk/commit/c78e434c0c5f9d932874f0b17a8b4ce305ca01f5" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html", "reference_id": "msg00022.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-28T16:05:58Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html" }, { "reference_url": "https://usn.ubuntu.com/7010-1/", "reference_id": "USN-7010-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7010-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/92612?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92622?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92628?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.7-9~deb12u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92610?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.7-9~deb12u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-p7j3-gsyg-3uh8" }, { "vulnerability": "VCID-py9d-avfb-vbch" }, { "vulnerability": "VCID-rbf5-ppzg-13gw" }, { "vulnerability": "VCID-u99k-qgku-4fcu" }, { "vulnerability": "VCID-v3nv-nce7-myh7" }, { "vulnerability": "VCID-ypj9-j6na-bycz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92631?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.7-14?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92615?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.9-5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" }, { "vulnerability": "VCID-u99k-qgku-4fcu" }, { "vulnerability": "VCID-v3nv-nce7-myh7" }, { "vulnerability": "VCID-ypj9-j6na-bycz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92613?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92614?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304754?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1168172?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-34508" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kv67-5977-rbau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65916?format=api", "vulnerability_id": "VCID-nr5e-9e1n-67fn", "summary": "An improper array index validation vulnerability exists in the nowindow functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47796", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23672", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23782", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23767", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23721", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23666", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47796" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47796" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093043", "reference_id": "1093043", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093043" }, { "reference_url": "https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=89a6e399f1e17d08a8bc8cdaa05b2ac9a50cd4f6", "reference_id": "?p=dcmtk.git;a=commit;h=89a6e399f1e17d08a8bc8cdaa05b2ac9a50cd4f6", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-13T14:43:15Z/" } ], "url": "https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=89a6e399f1e17d08a8bc8cdaa05b2ac9a50cd4f6" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2122", "reference_id": "TALOS-2024-2122", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-13T14:43:15Z/" } ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2122" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/92612?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92625?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1%2Bdeb11u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92628?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.7-9~deb12u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92610?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.7-9~deb12u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-p7j3-gsyg-3uh8" }, { "vulnerability": "VCID-py9d-avfb-vbch" }, { "vulnerability": "VCID-rbf5-ppzg-13gw" }, { "vulnerability": "VCID-u99k-qgku-4fcu" }, { "vulnerability": "VCID-v3nv-nce7-myh7" }, { "vulnerability": "VCID-ypj9-j6na-bycz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92632?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.8-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.8-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92615?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.9-5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" }, { "vulnerability": "VCID-u99k-qgku-4fcu" }, { "vulnerability": "VCID-v3nv-nce7-myh7" }, { "vulnerability": "VCID-ypj9-j6na-bycz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92613?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92614?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304754?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1168172?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-47796" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nr5e-9e1n-67fn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65909?format=api", "vulnerability_id": "VCID-p7j3-gsyg-3uh8", "summary": "A vulnerability was detected in DCMTK up to 3.6.7. The impacted element is the function DcmQueryRetrieveConfig::readPeerList of the file /dcmqrcnf.cc of the component dcmqrscp. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit is now public and may be used. Upgrading to version 3.6.8 is sufficient to resolve this issue. The patch is identified as 957fb31e5. Upgrading the affected component is advised.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4981", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03034", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03045", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03053", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03001", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02983", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02948", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4981" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4981", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4981" }, { "reference_url": "https://support.dcmtk.org/redmine/issues/1026", "reference_id": "1026", "reference_type": "", "scores": [ { "value": "1.7", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-21T15:22:37Z/" } ], "url": "https://support.dcmtk.org/redmine/issues/1026" }, { "reference_url": "https://vuldb.com/?ctiid.329029", "reference_id": "?ctiid.329029", "reference_type": "", "scores": [ { "value": "1.7", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-21T15:22:37Z/" } ], "url": "https://vuldb.com/?ctiid.329029" }, { "reference_url": "https://shimo.im/docs/e1Azd4dDQXUgOGqW/", "reference_id": "e1Azd4dDQXUgOGqW", "reference_type": "", "scores": [ { "value": "1.7", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-21T15:22:37Z/" } ], "url": "https://shimo.im/docs/e1Azd4dDQXUgOGqW/" }, { "reference_url": "https://vuldb.com/?id.329029", "reference_id": "?id.329029", "reference_type": "", "scores": [ { "value": "1.7", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-21T15:22:37Z/" } ], "url": "https://vuldb.com/?id.329029" }, { "reference_url": "https://vuldb.com/?submit.673134", "reference_id": "?submit.673134", "reference_type": "", "scores": [ { "value": "1.7", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-21T15:22:37Z/" } ], "url": "https://vuldb.com/?submit.673134" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/92612?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92620?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1%2Bdeb11u5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92627?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.8-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.8-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92615?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.9-5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" }, { "vulnerability": "VCID-u99k-qgku-4fcu" }, { "vulnerability": "VCID-v3nv-nce7-myh7" }, { "vulnerability": "VCID-ypj9-j6na-bycz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92613?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92614?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304754?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1168172?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-4981" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p7j3-gsyg-3uh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65921?format=api", "vulnerability_id": "VCID-rbf5-ppzg-13gw", "summary": "A vulnerability was found in DCMTK 3.6.9. It has been declared as critical. This vulnerability affects unknown code of the component dcmjpls JPEG-LS Decoder. The manipulation leads to memory corruption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 3239a7915. It is recommended to apply a patch to fix this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2357.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2357.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2357", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37681", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37734", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37737", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37706", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37668", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2357" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2357", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2357" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100724", "reference_id": "1100724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100724" }, { "reference_url": "https://support.dcmtk.org/redmine/issues/1155", "reference_id": "1155", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-17T13:24:12Z/" } ], "url": "https://support.dcmtk.org/redmine/issues/1155" }, { "reference_url": "https://support.dcmtk.org/redmine/issues/1155?tab=history#note-1", "reference_id": "1155?tab=history#note-1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-17T13:24:12Z/" } ], "url": "https://support.dcmtk.org/redmine/issues/1155?tab=history#note-1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2352832", "reference_id": "2352832", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2352832" }, { "reference_url": "https://vuldb.com/?ctiid.299824", "reference_id": "?ctiid.299824", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-17T13:24:12Z/" } ], "url": "https://vuldb.com/?ctiid.299824" }, { "reference_url": "https://vuldb.com/?id.299824", "reference_id": "?id.299824", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-17T13:24:12Z/" } ], "url": "https://vuldb.com/?id.299824" }, { "reference_url": "https://vuldb.com/?submit.513692", "reference_id": "?submit.513692", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-17T13:24:12Z/" } ], "url": "https://vuldb.com/?submit.513692" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/92612?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92625?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1%2Bdeb11u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92615?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.9-5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" }, { "vulnerability": "VCID-u99k-qgku-4fcu" }, { "vulnerability": "VCID-v3nv-nce7-myh7" }, { "vulnerability": "VCID-ypj9-j6na-bycz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92613?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92614?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304754?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1168172?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-2357" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rbf5-ppzg-13gw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65898?format=api", "vulnerability_id": "VCID-rg36-aatr-u3az", "summary": "DCMTK through 3.6.6 does not handle string copy properly. Sending specific requests to the dcmqrdb program, it would query its database and copy the result even if the result is null, which can incur a head-based overflow. An attacker can use it to launch a DoS attack.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41689", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.28961", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29031", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.28997", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.28962", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.28928", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.28938", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41689" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41689", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41689" }, { "reference_url": "https://github.com/DCMTK/dcmtk", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-17T19:48:58Z/" } ], "url": "https://github.com/DCMTK/dcmtk" }, { "reference_url": "https://github.com/DCMTK/dcmtk/commit/5c14bf53fb42ceca12bbcc0016e8704b1580920d", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-17T19:48:58Z/" } ], "url": "https://github.com/DCMTK/dcmtk/commit/5c14bf53fb42ceca12bbcc0016e8704b1580920d" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41689", "reference_id": "CVE-2021-41689", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41689" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html", "reference_id": "msg00022.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-17T19:48:58Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html" }, { "reference_url": "https://usn.ubuntu.com/5882-1/", "reference_id": "USN-5882-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5882-1/" }, { "reference_url": "https://usn.ubuntu.com/7010-1/", "reference_id": "USN-7010-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7010-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/92612?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92622?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92621?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.7-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92610?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.7-9~deb12u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-p7j3-gsyg-3uh8" }, { "vulnerability": "VCID-py9d-avfb-vbch" }, { "vulnerability": "VCID-rbf5-ppzg-13gw" }, { "vulnerability": "VCID-u99k-qgku-4fcu" }, { "vulnerability": "VCID-v3nv-nce7-myh7" }, { "vulnerability": "VCID-ypj9-j6na-bycz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92615?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.9-5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" }, { "vulnerability": "VCID-u99k-qgku-4fcu" }, { "vulnerability": "VCID-v3nv-nce7-myh7" }, { "vulnerability": "VCID-ypj9-j6na-bycz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92613?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92614?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304754?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1168172?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-41689" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rg36-aatr-u3az" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65904?format=api", "vulnerability_id": "VCID-seqk-w718-mugp", "summary": "OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2120", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05677", "scoring_system": "epss", "scoring_elements": "0.90579", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.05677", "scoring_system": "epss", "scoring_elements": "0.90562", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.05677", "scoring_system": "epss", "scoring_elements": "0.90551", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05677", "scoring_system": "epss", "scoring_elements": "0.90565", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.05677", "scoring_system": "epss", "scoring_elements": "0.90566", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.05677", "scoring_system": "epss", "scoring_elements": "0.90563", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2120" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2120", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2120" }, { "reference_url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T17:28:32Z/" } ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017743", "reference_id": "1017743", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017743" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2120", "reference_id": "CVE-2022-2120", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2120" }, { "reference_url": "https://usn.ubuntu.com/5882-1/", "reference_id": "USN-5882-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5882-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/92612?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92625?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1%2Bdeb11u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92624?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.7-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92610?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.7-9~deb12u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-p7j3-gsyg-3uh8" }, { "vulnerability": "VCID-py9d-avfb-vbch" }, { "vulnerability": "VCID-rbf5-ppzg-13gw" }, { "vulnerability": "VCID-u99k-qgku-4fcu" }, { "vulnerability": "VCID-v3nv-nce7-myh7" }, { "vulnerability": "VCID-ypj9-j6na-bycz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92615?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.9-5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" }, { "vulnerability": "VCID-u99k-qgku-4fcu" }, { "vulnerability": "VCID-v3nv-nce7-myh7" }, { "vulnerability": "VCID-ypj9-j6na-bycz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92613?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92614?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304754?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1168172?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-2120" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-seqk-w718-mugp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65925?format=api", "vulnerability_id": "VCID-u99k-qgku-4fcu", "summary": "A vulnerability was identified in DCMTK up to 3.6.9. This affects an unknown function in the library dcmimage/include/dcmtk/dcmimage/diybrpxt.h of the component dcm2img. Such manipulation leads to memory corruption. Local access is required to approach this attack. The name of the patch is 7ad81d69b. It is best practice to apply a patch to resolve this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-9732", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10547", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10468", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10444", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.1053", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10569", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-9732" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9732", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9732" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113993", "reference_id": "1113993", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113993" }, { "reference_url": "https://github.com/DCMTK/dcmtk/commit/7ad81d69b", "reference_id": "7ad81d69b", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-02T14:40:15Z/" } ], "url": "https://github.com/DCMTK/dcmtk/commit/7ad81d69b" }, { "reference_url": "https://vuldb.com/?ctiid.322023", "reference_id": "?ctiid.322023", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-02T14:40:15Z/" } ], "url": "https://vuldb.com/?ctiid.322023" }, { "reference_url": "https://vuldb.com/?id.322023", "reference_id": "?id.322023", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-02T14:40:15Z/" } ], "url": "https://vuldb.com/?id.322023" }, { "reference_url": "https://vuldb.com/?submit.639772", "reference_id": "?submit.639772", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-02T14:40:15Z/" } ], "url": "https://vuldb.com/?submit.639772" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/92612?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92620?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1%2Bdeb11u5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92647?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.9-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92613?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92614?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304754?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1168172?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-9732" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u99k-qgku-4fcu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65897?format=api", "vulnerability_id": "VCID-ute2-fk4x-kub7", "summary": "DCMTK through 3.6.6 does not handle memory free properly. The object in the program is free but its address is still used in other locations. Sending specific requests to the dcmqrdb program will incur a double free. An attacker can use it to launch a DoS attack.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41688", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.33801", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.33809", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.33776", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.33722", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.33828", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.33843", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41688" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41688", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41688" }, { "reference_url": "https://github.com/DCMTK/dcmtk", "reference_id": "", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-03T13:47:23Z/" } ], "url": "https://github.com/DCMTK/dcmtk" }, { "reference_url": "https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb", "reference_id": "", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-03T13:47:23Z/" } ], "url": "https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41688", "reference_id": "CVE-2021-41688", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41688" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html", "reference_id": "msg00022.html", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-03T13:47:23Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html" }, { "reference_url": "https://usn.ubuntu.com/5882-1/", "reference_id": "USN-5882-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5882-1/" }, { "reference_url": "https://usn.ubuntu.com/7010-1/", "reference_id": "USN-7010-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7010-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/92612?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92622?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92621?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.7-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92610?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.7-9~deb12u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-p7j3-gsyg-3uh8" }, { "vulnerability": "VCID-py9d-avfb-vbch" }, { "vulnerability": "VCID-rbf5-ppzg-13gw" }, { "vulnerability": "VCID-u99k-qgku-4fcu" }, { "vulnerability": "VCID-v3nv-nce7-myh7" }, { "vulnerability": "VCID-ypj9-j6na-bycz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92615?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.9-5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" }, { "vulnerability": "VCID-u99k-qgku-4fcu" }, { "vulnerability": "VCID-v3nv-nce7-myh7" }, { "vulnerability": "VCID-ypj9-j6na-bycz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92613?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92614?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304754?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1168172?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-41688" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ute2-fk4x-kub7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65918?format=api", "vulnerability_id": "VCID-v3nv-nce7-myh7", "summary": "A vulnerability was detected in OFFIS DCMTK up to 3.6.9. Affected by this issue is the function DcmByteString::makeDicomByteString of the file dcmdata/libsrc/dcbytstr.cc of the component dcmdata. The manipulation results in memory corruption. The attack can be launched remotely. Upgrading to version 3.7.0 can resolve this issue. The patch is identified as 4c0e5c10079392c594d6a7abd95dd78ac0aa556a. You should upgrade the affected component.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14607.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14607.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14607", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26015", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26009", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26065", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26111", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26117", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14607" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14607", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14607" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122926", "reference_id": "1122926", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122926" }, { "reference_url": "https://support.dcmtk.org/redmine/issues/1184", "reference_id": "1184", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C" }, { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-15T21:46:27Z/" } ], "url": "https://support.dcmtk.org/redmine/issues/1184" }, { "reference_url": "https://support.dcmtk.org/redmine/versions/19", "reference_id": "19", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C" }, { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-15T21:46:27Z/" } ], "url": "https://support.dcmtk.org/redmine/versions/19" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2421979", "reference_id": "2421979", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2421979" }, { "reference_url": "https://github.com/DCMTK/dcmtk/commit/4c0e5c10079392c594d6a7abd95dd78ac0aa556a", "reference_id": "4c0e5c10079392c594d6a7abd95dd78ac0aa556a", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C" }, { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-15T21:46:27Z/" } ], "url": "https://github.com/DCMTK/dcmtk/commit/4c0e5c10079392c594d6a7abd95dd78ac0aa556a" }, { "reference_url": "https://support.dcmtk.org/redmine/projects/dcmtk/activity?from=2025-12-02", "reference_id": "activity?from=2025-12-02", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C" }, { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-15T21:46:27Z/" } ], "url": "https://support.dcmtk.org/redmine/projects/dcmtk/activity?from=2025-12-02" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:offis:dcmtk:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:offis:dcmtk:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:offis:dcmtk:*:*:*:*:*:*:*:*" }, { "reference_url": "https://vuldb.com/?ctiid.336283", "reference_id": "?ctiid.336283", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C" }, { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-15T21:46:27Z/" } ], "url": "https://vuldb.com/?ctiid.336283" }, { "reference_url": "https://vuldb.com/?id.336283", "reference_id": "?id.336283", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C" }, { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-15T21:46:27Z/" } ], "url": "https://vuldb.com/?id.336283" }, { "reference_url": "https://vuldb.com/?submit.705036", "reference_id": "?submit.705036", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C" }, { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-15T21:46:27Z/" } ], "url": "https://vuldb.com/?submit.705036" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/92612?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92633?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1%2Bdeb11u6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%252Bdeb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92634?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92613?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92614?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304754?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1168172?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-14607" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v3nv-nce7-myh7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65915?format=api", "vulnerability_id": "VCID-wv2q-gdbr-dqen", "summary": "dcmdata in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34509", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29491", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29529", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33185", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33172", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33152", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34509" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34509", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34509" }, { "reference_url": "https://support.dcmtk.org/redmine/issues/1114", "reference_id": "1114", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-14T18:40:37Z/" } ], "url": "https://support.dcmtk.org/redmine/issues/1114" }, { "reference_url": "https://github.com/DCMTK/dcmtk/commit/c78e434c0c5f9d932874f0b17a8b4ce305ca01f5", "reference_id": "c78e434c0c5f9d932874f0b17a8b4ce305ca01f5", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-14T18:40:37Z/" } ], "url": "https://github.com/DCMTK/dcmtk/commit/c78e434c0c5f9d932874f0b17a8b4ce305ca01f5" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html", "reference_id": "msg00022.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-14T18:40:37Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html" }, { "reference_url": "https://usn.ubuntu.com/7010-1/", "reference_id": "USN-7010-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7010-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/92612?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92622?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92628?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.7-9~deb12u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92610?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.7-9~deb12u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-p7j3-gsyg-3uh8" }, { "vulnerability": "VCID-py9d-avfb-vbch" }, { "vulnerability": "VCID-rbf5-ppzg-13gw" }, { "vulnerability": "VCID-u99k-qgku-4fcu" }, { "vulnerability": "VCID-v3nv-nce7-myh7" }, { "vulnerability": "VCID-ypj9-j6na-bycz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92631?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.7-14?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92615?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.9-5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" }, { "vulnerability": "VCID-u99k-qgku-4fcu" }, { "vulnerability": "VCID-v3nv-nce7-myh7" }, { "vulnerability": "VCID-ypj9-j6na-bycz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92613?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92614?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304754?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1168172?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-34509" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wv2q-gdbr-dqen" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65900?format=api", "vulnerability_id": "VCID-xhva-rhyr-qug8", "summary": "DCMTK through 3.6.6 does not handle memory free properly. The malloced memory for storing all file information are recorded in a global variable LST and are not freed properly. Sending specific requests to the dcmqrdb program can incur a memory leak. An attacker can use it to launch a DoS attack.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41690", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.33801", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.33809", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.33776", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.33722", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.33828", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.33843", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41690" }, { "reference_url": "https://github.com/DCMTK/dcmtk", "reference_id": "", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-09T18:13:18Z/" } ], "url": "https://github.com/DCMTK/dcmtk" }, { "reference_url": "https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb", "reference_id": "", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-09T18:13:18Z/" } ], "url": "https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41690", "reference_id": "CVE-2021-41690", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41690" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html", "reference_id": "msg00022.html", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-09T18:13:18Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html" }, { "reference_url": "https://usn.ubuntu.com/5882-1/", "reference_id": "USN-5882-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5882-1/" }, { "reference_url": "https://usn.ubuntu.com/7010-1/", "reference_id": "USN-7010-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7010-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/92612?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92622?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92621?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.7-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92610?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.7-9~deb12u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-p7j3-gsyg-3uh8" }, { "vulnerability": "VCID-py9d-avfb-vbch" }, { "vulnerability": "VCID-rbf5-ppzg-13gw" }, { "vulnerability": "VCID-u99k-qgku-4fcu" }, { "vulnerability": "VCID-v3nv-nce7-myh7" }, { "vulnerability": "VCID-ypj9-j6na-bycz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.7-9~deb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92615?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.9-5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" }, { "vulnerability": "VCID-u99k-qgku-4fcu" }, { "vulnerability": "VCID-v3nv-nce7-myh7" }, { "vulnerability": "VCID-ypj9-j6na-bycz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.9-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92613?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92614?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304754?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1168172?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-41690" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xhva-rhyr-qug8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65920?format=api", "vulnerability_id": "VCID-ypj9-j6na-bycz", "summary": "A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted element is the function DcmQueryRetrieveIndexDatabaseHandle::startFindRequest/DcmQueryRetrieveIndexDatabaseHandle::startMoveRequest in the library dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. This manipulation causes null pointer dereference. The attack requires local access. Upgrading to version 3.7.0 is sufficient to resolve this issue. Patch name: ffb1a4a37d2c876e3feeb31df4930f2aed7fa030. You should upgrade the affected component.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14841", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.07223", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.0721", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.07254", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.07268", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.07263", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14841" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14841", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14841" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123584", "reference_id": "1123584", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123584" }, { "reference_url": "https://support.dcmtk.org/redmine/issues/1183", "reference_id": "1183", "reference_type": "", "scores": [ { "value": "1.7", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:47:22Z/" } ], "url": "https://support.dcmtk.org/redmine/issues/1183" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:offis:dcmtk:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:offis:dcmtk:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:offis:dcmtk:*:*:*:*:*:*:*:*" }, { "reference_url": "https://vuldb.com/?ctiid.337004", "reference_id": "?ctiid.337004", "reference_type": "", "scores": [ { "value": "1.7", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:47:22Z/" } ], "url": "https://vuldb.com/?ctiid.337004" }, { "reference_url": "https://github.com/DCMTK/dcmtk/releases/tag/DCMTK-3.7.0", "reference_id": "DCMTK-3.7.0", "reference_type": "", "scores": [ { "value": "1.7", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:47:22Z/" } ], "url": "https://github.com/DCMTK/dcmtk/releases/tag/DCMTK-3.7.0" }, { "reference_url": "https://github.com/DCMTK/dcmtk/commit/ffb1a4a37d2c876e3feeb31df4930f2aed7fa030", "reference_id": "ffb1a4a37d2c876e3feeb31df4930f2aed7fa030", "reference_type": "", "scores": [ { "value": "1.7", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:47:22Z/" } ], "url": "https://github.com/DCMTK/dcmtk/commit/ffb1a4a37d2c876e3feeb31df4930f2aed7fa030" }, { "reference_url": "https://vuldb.com/?id.337004", "reference_id": "?id.337004", "reference_type": "", "scores": [ { "value": "1.7", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:47:22Z/" } ], "url": "https://vuldb.com/?id.337004" }, { "reference_url": "https://vuldb.com/?submit.714605", "reference_id": "?submit.714605", "reference_type": "", "scores": [ { "value": "1.7", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:47:22Z/" } ], "url": "https://vuldb.com/?submit.714605" }, { "reference_url": "https://vuldb.com/?submit.714634", "reference_id": "?submit.714634", "reference_type": "", "scores": [ { "value": "1.7", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:47:22Z/" } ], "url": "https://vuldb.com/?submit.714634" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/92612?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92633?format=api", "purl": "pkg:deb/debian/dcmtk@3.6.5-1%2Bdeb11u6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%252Bdeb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92634?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92613?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ntd-3yfn-uygy" }, { "vulnerability": "VCID-py9d-avfb-vbch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/92614?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304754?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1168172?format=api", "purl": "pkg:deb/debian/dcmtk@3.7.0%2Breally3.7.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.7.0%252Breally3.7.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-14841" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ypj9-j6na-bycz" } ], "risk_score": "3.4", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dcmtk@3.6.5-1%3Fdistro=trixie" }