DEBIAN-CVE-2026-10194

Source
https://security-tracker.debian.org/tracker/CVE-2026-10194
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-10194.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2026-10194
Upstream
  • CVE-2026-10194
Published
2026-05-31T17:16:31.577Z
Modified
2026-06-01T09:00:07.749571571Z
Severity
  • 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
[none]
Details

A weakness has been identified in OFFIS DCMTK 3.7.0. It affects the function DcmQueryRetrieveIndexDatabaseHandle::deleteOldestImages in the file dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. Manipulation can lead to a heap-based buffer overflow. The attack may be launched remotely. The patch is identified as 0f78a4ef6f645ea5530166e445e5436a5de58e75. The patch should be applied to remediate this issue.

References

Affected packages

Debian:11 / dcmtk

Package

Name
dcmtk
Purl
pkg:deb/debian/dcmtk?arch=source&distro=bullseye

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

3.*
3.6.5-1
3.6.5-1+deb11u1
3.6.5-1+deb11u2
3.6.5-1+deb11u3
3.6.5-1+deb11u4
3.6.5-1+deb11u5
3.6.5-1+deb11u6
3.6.6-1~ext1
3.6.6-1
3.6.6-2
3.6.6-3
3.6.6-4~bpo11+1
3.6.6-4
3.6.6-5~bpo11+1
3.6.6-5
3.6.7-1
3.6.7-2
3.6.7-3
3.6.7-4
3.6.7-5
3.6.7-6~bpo11+1
3.6.7-6
3.6.7-7
3.6.7-8
3.6.7-9~deb12u1
3.6.7-9~deb12u2
3.6.7-9~deb12u3
3.6.7-9
3.6.7-9.1
3.6.7-11
3.6.7-12
3.6.7-13
3.6.7-14
3.6.7-15
3.6.8~git20221024.b8950f9-1
3.6.8~git20221024.b8950f9-2
3.6.8~git20221024.b8950f9-3
3.6.8~git20231027.1549d8c-1
3.6.8~git20231027.1549d8c-2
3.6.8-1
3.6.8-2
3.6.8-3
3.6.8-4
3.6.8-5
3.6.8-6
3.6.8-7
3.6.9-1
3.6.9-2
3.6.9-3
3.6.9-4
3.6.9-5
3.6.9-6
3.7.0-1
3.7.0+really3.6.9-1
3.7.0+really3.7.0-0+exp1
3.7.0+really3.7.0-1
3.7.0+really3.7.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-10194.json"

Debian:12 / dcmtk

Package

Name
dcmtk
Purl
pkg:deb/debian/dcmtk?arch=source&distro=bookworm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

3.*
3.6.7-8
3.6.7-9~deb12u1
3.6.7-9~deb12u2
3.6.7-9~deb12u3
3.6.7-9
3.6.7-9.1
3.6.7-11
3.6.7-12
3.6.7-13
3.6.7-14
3.6.7-15
3.6.8~git20221024.b8950f9-1
3.6.8~git20221024.b8950f9-2
3.6.8~git20221024.b8950f9-3
3.6.8~git20231027.1549d8c-1
3.6.8~git20231027.1549d8c-2
3.6.8-1
3.6.8-2
3.6.8-3
3.6.8-4
3.6.8-5
3.6.8-6
3.6.8-7
3.6.9-1
3.6.9-2
3.6.9-3
3.6.9-4
3.6.9-5
3.6.9-6
3.7.0-1
3.7.0+really3.6.9-1
3.7.0+really3.7.0-0+exp1
3.7.0+really3.7.0-1
3.7.0+really3.7.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-10194.json"

Debian:13 / dcmtk

Package

Name
dcmtk
Purl
pkg:deb/debian/dcmtk?arch=source&distro=trixie

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

3.*
3.6.9-5
3.6.9-6
3.7.0-1
3.7.0+really3.6.9-1
3.7.0+really3.7.0-0+exp1
3.7.0+really3.7.0-1
3.7.0+really3.7.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-10194.json"

Debian:14 / dcmtk

Package

Name
dcmtk
Purl
pkg:deb/debian/dcmtk?arch=source&distro=forky

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

3.*
3.6.9-5
3.6.9-6
3.7.0-1
3.7.0+really3.6.9-1
3.7.0+really3.7.0-0+exp1
3.7.0+really3.7.0-1
3.7.0+really3.7.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-10194.json"