CVE-2025-14607

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-14607

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-14607.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-14607

Downstream

DEBIAN-CVE-2025-14607

DLA-4443-1

UBUNTU-CVE-2025-14607

Related

MGASA-2026-0040

Published

2025-12-13T16:16:52.840Z

Modified

2026-02-26T01:23:16.197502Z

Severity

5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator

Summary

[none]

Details

A vulnerability was detected in OFFIS DCMTK up to 3.6.9. Affected by this issue is the function DcmByteString::makeDicomByteString of the file dcmdata/libsrc/dcbytstr.cc of the component dcmdata. The manipulation results in memory corruption. The attack can be launched remotely. Upgrading to version 3.7.0 can resolve this issue. The patch is identified as 4c0e5c10079392c594d6a7abd95dd78ac0aa556a. You should upgrade the affected component.

References

Affected packages

Git / github.com/dcmtk/dcmtk

Affected ranges

Type: GIT
Repo: https://github.com/dcmtk/dcmtk
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

4c0e5c10079392c594d6a7abd95dd78ac0aa556a

Affected versions

CAR96-3.*

CAR96-3.0.1

CAR96-3.0.2

DCMTK-3.*

DCMTK-3.1.0

DCMTK-3.1.1

DCMTK-3.1.2

DCMTK-3.2.0

DCMTK-3.2.1

DCMTK-3.3.0

DCMTK-3.3.1

DCMTK-3.4.0

DCMTK-3.4.1

DCMTK-3.4.2

DCMTK-3.5.0

DCMTK-3.5.1

DCMTK-3.5.2

DCMTK-3.5.2a

DCMTK-3.5.3

DCMTK-3.5.4

DCMTK-3.6.0

DCMTK-3.6.1_20110225

DCMTK-3.6.1_20110519

DCMTK-3.6.1_20110707

DCMTK-3.6.1_20110922

DCMTK-3.6.1_20111208

DCMTK-3.6.1_20120222

DCMTK-3.6.1_20120515

DCMTK-3.6.1_20120831

DCMTK-3.6.1_20121102

DCMTK-3.6.1_20131114

DCMTK-3.6.1_20140617

DCMTK-3.6.1_20150217

DCMTK-3.6.1_20150629

DCMTK-3.6.1_20150924

DCMTK-3.6.1_20160216

DCMTK-3.6.1_20160630

DCMTK-3.6.1_20161102

DCMTK-3.6.1_20170228

DCMTK-3.6.2

DCMTK-3.6.3

DCMTK-3.6.4

DCMTK-3.6.5

DCMTK-3.6.5+_20191213

DCMTK-3.6.6

DCMTK-3.6.7

DCMTK-3.6.8

DCMTK-3.6.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-14607.json"

vanir_signatures

[
    {
        "id": "CVE-2025-14607-64642db1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "73545422927153429131512589697908048311",
                "8671083482748377982441463152476496979",
                "78244343071687762503845649104775409006",
                "244107314442382010375431521812163202551",
                "211506829738861490925023559097797150655"
            ]
        },
        "signature_type": "Line",
        "target": {
            "file": "dcmdata/libsrc/dcbytstr.cc"
        },
        "signature_version": "v1",
        "source": "https://github.com/dcmtk/dcmtk/commit/4c0e5c10079392c594d6a7abd95dd78ac0aa556a",
        "deprecated": false
    },
    {
        "id": "CVE-2025-14607-c73ce97a",
        "digest": {
            "length": 658.0,
            "function_hash": "29070500142122141777263016099485125433"
        },
        "signature_type": "Function",
        "target": {
            "file": "dcmdata/libsrc/dcbytstr.cc",
            "function": "DcmByteString::newValueField"
        },
        "signature_version": "v1",
        "source": "https://github.com/dcmtk/dcmtk/commit/4c0e5c10079392c594d6a7abd95dd78ac0aa556a",
        "deprecated": false
    }
]