CVE-2025-14841
- Source
- https://cve.org/CVERecord?id=CVE-2025-14841
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-14841.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-14841
- Downstream
- Related
- Published
- 2025-12-18T01:15:51.747Z
- Modified
- 2026-02-25T01:29:53.254704Z
- Severity
-
- 1.9 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator
- Summary
- [none]
- Details
-
A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted element is the function DcmQueryRetrieveIndexDatabaseHandle::startFindRequest/DcmQueryRetrieveIndexDatabaseHandle::startMoveRequest in the library dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. This manipulation causes null pointer dereference. The attack requires local access. Upgrading to version 3.7.0 is sufficient to resolve this issue. Patch name: ffb1a4a37d2c876e3feeb31df4930f2aed7fa030. You should upgrade the affected component.
- References
-
- https://github.com/DCMTK/dcmtk/releases/tag/DCMTK-3.7.0
- https://support.dcmtk.org/redmine/issues/1183
- https://vuldb.com/?ctiid.337004
- https://vuldb.com/?id.337004
- https://vuldb.com/?submit.714605
- https://vuldb.com/?submit.714634
- https://github.com/DCMTK/dcmtk/commit/ffb1a4a37d2c876e3feeb31df4930f2aed7fa030
Affected packages
Git / github.com/dcmtk/dcmtk
Affected ranges
- Type
- GIT
- Repo
- https://github.com/dcmtk/dcmtk
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
CAR96-3.*
CAR96-3.0.1
CAR96-3.0.2
DCMTK-3.*
DCMTK-3.1.0
DCMTK-3.1.1
DCMTK-3.1.2
DCMTK-3.2.0
DCMTK-3.2.1
DCMTK-3.3.0
DCMTK-3.3.1
DCMTK-3.4.0
DCMTK-3.4.1
DCMTK-3.4.2
DCMTK-3.5.0
DCMTK-3.5.1
DCMTK-3.5.2
DCMTK-3.5.2a
DCMTK-3.5.3
DCMTK-3.5.4
DCMTK-3.6.0
DCMTK-3.6.1_20110225
DCMTK-3.6.1_20110519
DCMTK-3.6.1_20110707
DCMTK-3.6.1_20110922
DCMTK-3.6.1_20111208
DCMTK-3.6.1_20120222
DCMTK-3.6.1_20120515
DCMTK-3.6.1_20120831
DCMTK-3.6.1_20121102
DCMTK-3.6.1_20131114
DCMTK-3.6.1_20140617
DCMTK-3.6.1_20150217
DCMTK-3.6.1_20150629
DCMTK-3.6.1_20150924
DCMTK-3.6.1_20160216
DCMTK-3.6.1_20160630
DCMTK-3.6.1_20161102
DCMTK-3.6.1_20170228
DCMTK-3.6.2
DCMTK-3.6.3
DCMTK-3.6.4
DCMTK-3.6.5
DCMTK-3.6.5+_20191213
DCMTK-3.6.6
DCMTK-3.6.7
DCMTK-3.6.8
DCMTK-3.6.9
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-14841.json"
vanir_signatures
[
{
"id": "CVE-2025-14841-0d7acaa1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"262739012972748116420404488377187273606",
"9124240746378094154941344543239262376",
"179827960402158148332841098675456753135",
"291237238248850997824927142513881555748",
"23918754016426770445371671689487079123",
"262739012972748116420404488377187273606",
"9124240746378094154941344543239262376",
"179827960402158148332841098675456753135",
"291237238248850997824927142513881555748",
"23918754016426770445371671689487079123"
]
},
"signature_type": "Line",
"target": {
"file": "dcmqrdb/libsrc/dcmqrdbi.cc"
},
"signature_version": "v1",
"source": "https://github.com/dcmtk/dcmtk/commit/ffb1a4a37d2c876e3feeb31df4930f2aed7fa030",
"deprecated": false
},
{
"id": "CVE-2025-14841-2c2fbace",
"digest": {
"length": 5685.0,
"function_hash": "299680055666261871280464551333849947017"
},
"signature_type": "Function",
"target": {
"file": "dcmqrdb/libsrc/dcmqrdbi.cc",
"function": "DcmQueryRetrieveIndexDatabaseHandle::startFindRequest"
},
"signature_version": "v1",
"source": "https://github.com/dcmtk/dcmtk/commit/ffb1a4a37d2c876e3feeb31df4930f2aed7fa030",
"deprecated": false
},
{
"id": "CVE-2025-14841-46e76d00",
"digest": {
"length": 5793.0,
"function_hash": "224172098353491522277283939590438813527"
},
"signature_type": "Function",
"target": {
"file": "dcmqrdb/libsrc/dcmqrdbi.cc",
"function": "DcmQueryRetrieveIndexDatabaseHandle::startMoveRequest"
},
"signature_version": "v1",
"source": "https://github.com/dcmtk/dcmtk/commit/ffb1a4a37d2c876e3feeb31df4930f2aed7fa030",
"deprecated": false
}
]