CVE-2025-9732
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-31

Last updated on: 2025-09-05

Assigner: VulDB

Description
A vulnerability was identified in DCMTK up to 3.6.9. This affects an unknown function in the library dcmimage/include/dcmtk/dcmimage/diybrpxt.h of the component dcm2img. Such manipulation leads to memory corruption. Local access is required to approach this attack. The name of the patch is 7ad81d69b. It is best practice to apply a patch to resolve this issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-31
Last Modified
2025-09-05
Generated
2026-06-16
AI Q&A
2025-08-31
EPSS Evaluated
2026-06-14
NVD
CVE-2025-9732
EUVD
EUVD-2025-26296
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
offis dcmtk to 3.6.9 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-9732 is a memory corruption vulnerability in the DCMTK library, specifically in the dcm2img tool's handling of DICOM images with the YBR color space. The vulnerability occurs because the tool does not properly validate pixel pointers when processing corrupted or malformed DICOM files, leading to illegal memory access and a segmentation fault. This happens when the pixel data contains fewer pixels than expected, causing the program to read or write outside the intended memory buffer boundaries. [1, 2, 3]

Impact Analysis

This vulnerability can cause the affected application to crash due to segmentation faults, potentially leading to denial of service. Since it involves memory corruption, it may also impact the confidentiality, integrity, and availability of the system running DCMTK. Exploitation requires local access, and once exploited, it could disrupt normal processing of medical images or other DICOM data, affecting system reliability and data handling. [1, 3]

Detection Guidance

This vulnerability is a local memory corruption issue in the DCMTK dcm2img tool when processing corrupted DICOM files with invalid pixel data. Detection involves checking the version of DCMTK installed (versions up to 3.6.9 are affected) and monitoring for segmentation faults or crashes when processing DICOM images, especially those with Photometric Interpretation "YBR_FULL" and Planar Configuration "1". There are no specific network detection commands since the vulnerability requires local access and is triggered by malformed local files. To detect the vulnerable version, you can run: `dcmtk --version` or check the package version via your system's package manager (e.g., `dpkg -l | grep dcmtk` on Debian-based systems). Additionally, monitoring system logs for crashes related to dcm2img or running dcm2img on suspect DICOM files and observing for segmentation faults can help identify the issue. [1, 3]

Mitigation Strategies

The immediate mitigation step is to apply the patch identified by commit 7ad81d69b to the DCMTK library, which fixes the vulnerability by safely handling invalid pixel data and preventing memory corruption. If patching is not immediately possible, avoid processing untrusted or malformed DICOM files with dcm2img, especially those with Photometric Interpretation "YBR_FULL" and Planar Configuration "1". Restrict local access to systems running vulnerable DCMTK versions to trusted users only. Monitoring and logging warnings about invalid image data can also help identify attempts to trigger the vulnerability. [2, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-9732. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart