CVE-2021-41689

Published: Jun 28, 2022Modified: Nov 3, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

DCMTK through 3.6.6 does not handle string copy properly. Sending specific requests to the dcmqrdb program, it would query its database and copy the result even if the result is null, which can incur a head-based overflow. An attacker can use it to launch a DoS attack.

Affected (1)

Products: Offis: Dcmtk

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Offis Dcmtk	Up to 3.6.6

Related CWEs

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (7)

https://github.com/DCMTK/dcmtk

Source: cve@mitre.org

ProductThird Party Advisory

https://github.com/DCMTK/dcmtk/commit/5c14bf53fb42ceca12bbcc0016e8704b1580920d

Source: cve@mitre.org

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html

Source: cve@mitre.org

https://github.com/DCMTK/dcmtk

Source: af854a3a-2127-422b-91ae-364da2661108

ProductThird Party Advisory

https://github.com/DCMTK/dcmtk/commit/5c14bf53fb42ceca12bbcc0016e8704b1580920d

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2025/01/msg00032.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.