CVE-2021-41687

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-41687

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41687.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-41687

Related

Published

2022-06-28T13:15:10Z

Modified

2024-09-18T03:16:43.355478Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

DCMTK through 3.6.6 does not handle memory free properly. The program malloc a heap memory for parsing data, but does not free it when error in parsing. Sending specific requests to the dcmqrdb program incur the memory leak. An attacker can use it to launch a DoS attack.

References

Affected packages

Debian:11 / dcmtk

Package

Name: dcmtk
Purl: pkg:deb/debian/dcmtk?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.6.5-1

3.6.6-1~ext1

3.6.6-1

3.6.6-2

3.6.6-3

3.6.6-4~bpo11+1

3.6.6-4

3.6.6-5~bpo11+1

3.6.6-5

3.6.7-1

3.6.7-2

3.6.7-3

3.6.7-4

3.6.7-5

3.6.7-6~bpo11+1

3.6.7-6

3.6.7-7

3.6.7-8

3.6.7-9~deb12u1

3.6.7-9

3.6.7-9.1

3.6.7-11

3.6.7-12

3.6.7-13

3.6.7-14

3.6.7-15

3.6.8~git20221024.b8950f9-1

3.6.8~git20221024.b8950f9-2

3.6.8~git20221024.b8950f9-3

3.6.8~git20231027.1549d8c-1

3.6.8~git20231027.1549d8c-2

3.6.8-1

3.6.8-2

3.6.8-3

3.6.8-4

3.6.8-5

3.6.8-6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / dcmtk

Package

Name: dcmtk
Purl: pkg:deb/debian/dcmtk?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / dcmtk

Package

Name: dcmtk
Purl: pkg:deb/debian/dcmtk?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/dcmtk/dcmtk

Affected ranges

Type: GIT
Repo: https://github.com/dcmtk/dcmtk
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

a9697dfeb672b0b9412c00c7d36d801e27ec85cb

Affected versions

CAR96-3.*

CAR96-3.0.1

CAR96-3.0.2

DCMTK-3.*

DCMTK-3.1.0

DCMTK-3.1.1

DCMTK-3.1.2

DCMTK-3.2.0

DCMTK-3.2.1

DCMTK-3.3.0

DCMTK-3.3.1

DCMTK-3.4.0

DCMTK-3.4.1

DCMTK-3.4.2

DCMTK-3.5.0

DCMTK-3.5.1

DCMTK-3.5.2

DCMTK-3.5.2a

DCMTK-3.5.3

DCMTK-3.5.4

DCMTK-3.6.0

DCMTK-3.6.1_20110225

DCMTK-3.6.1_20110519

DCMTK-3.6.1_20110707

DCMTK-3.6.1_20110922

DCMTK-3.6.1_20111208

DCMTK-3.6.1_20120222

DCMTK-3.6.1_20120515

DCMTK-3.6.1_20120831

DCMTK-3.6.1_20121102

DCMTK-3.6.1_20131114

DCMTK-3.6.1_20140617

DCMTK-3.6.1_20150217

DCMTK-3.6.1_20150629

DCMTK-3.6.1_20150924

DCMTK-3.6.1_20160216

DCMTK-3.6.1_20160630

DCMTK-3.6.1_20161102

DCMTK-3.6.1_20170228

DCMTK-3.6.2

DCMTK-3.6.3

DCMTK-3.6.4

DCMTK-3.6.5

DCMTK-3.6.5+_20191213

DCMTK-3.6.6