CVE-2025-14841

EUVD-2025-204021
A flaw has been found in OFFIS DCMTK up to 3.6.9. The affected element is the function DcmQueryRetrieveIndexDatabaseHandle::startFindRequest/DcmQueryRetrieveIndexDatabaseHandle::startMoveRequest in the file dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. Manipulating it causes a null pointer dereference. The attack requires local access. Upgrading the affected component to version 3.7.0 is sufficient to resolve this issue. Patch name: ffb1a4a37d2c876e3feeb31df4930f2aed7fa030.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| VulDB | CNA | 3.3 LOW | LOCAL | LOW | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
EPSS Score percentile: 4%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
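| Vendor | Product | Version | Source |
|---|---|---|---|
| offis | dcmtk | 3.6.0 | CNA |
| offis | dcmtk | 3.6.1 | CNA |
| offis | dcmtk | 3.6.2 | CNA |
| offis | dcmtk | 3.6.3 | CNA |
| offis | dcmtk | 3.6.4 | CNA |
| offis | dcmtk | 3.6.5 | CNA |
| offis | dcmtk | 3.6.6 | CNA |
| offis | dcmtk | 3.6.7 | CNA |
| offis | dcmtk | 3.6.8 | CNA |
| offis | dcmtk | 3.6.9 | CNA |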
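Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| dcmtk | bookworm | | no-dsa |
| dcmtk | bullseye | | vulnerable |
| dcmtk | bullseye (security) | 3.6.5-1+deb11u6 | fixed |
| dcmtk | forky | 3.7.0+really3.7.0-1 | fixed |
| dcmtk | sid | 3.7.0+really3.7.0-2 | fixed |
| dcmtk | trixie | | no-dsa |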
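Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| dcmtk | bionic | needs-triage |
| dcmtk | focal | needs-triage |
| dcmtk | jammy | needs-triage |
| dcmtk | noble | needs-triage |
| dcmtk | plucky | ignored |
| dcmtk | questing | needs-triage |
| dcmtk | resolute | needs-triage |
| dcmtk | xenial | needs-triage |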