← Back

CVE-2025-25474

nvd nist
Published: Feb 18, 2025Modified: Nov 4, 2025

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Exploitability: 3.9 / Impact: 2.5
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

DCMTK v3.6.9+ DEV was discovered to contain a buffer overflow via the component /dcmimgle/diinpxt.h.

Affected (2)

Offis
1 product
Dcmtk
Debian
1 product
Debian Linux
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Dcmtk
Version 3.6.9
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 11.0

Related CWEs

CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

Source: cve@mitre.org
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List

Timeline

No history available yet.