CVE-2025-9732
BaseFortify
Publication date: 2025-08-31
Last updated on: 2025-09-05
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| offis | dcmtk | up to and including 3.6.9 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-9732 is a memory corruption vulnerability in the DCMTK library, specifically in the dcm2img tool's handling of DICOM images with the YBR color space. The vulnerability occurs because the tool does not properly validate pixel pointers when processing corrupted or malformed DICOM files, leading to illegal memory access and a segmentation fault. This happens when the pixel data contains fewer pixels than expected, causing the program to read or write outside the intended memory buffer boundaries. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability can cause the affected application to crash due to segmentation faults, potentially leading to denial of service. Since it involves memory corruption, it may also impact the confidentiality, integrity, and availability of the system running DCMTK. Exploitation requires local access, and once exploited, it could disrupt normal processing of medical images or other DICOM data, affecting system reliability and data handling. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is a local memory corruption issue in the DCMTK dcm2img tool when processing corrupted DICOM files with invalid pixel data. Detection involves checking the version of DCMTK installed (versions up to 3.6.9 are affected) and monitoring for segmentation faults or crashes when processing DICOM images, especially those with Photometric Interpretation "YBR_FULL" and Planar Configuration "1". There are no specific network detection commands since the vulnerability requires local access and is triggered by malformed local files. To detect the vulnerable version, you can run `dcm2img --version` (DCMTK's command-line tools print their version with `--version`) or check the package version via your system's package manager (e.g., `dpkg -l | grep dcmtk` on Debian-based systems). Additionally, monitoring system logs for crashes related to dcm2img, or running dcm2img on suspect DICOM files and observing for segmentation faults, can help identify the issue. [1, 3]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to apply the patch identified by commit 7ad81d69b to the DCMTK library, which fixes the vulnerability by safely handling invalid pixel data and preventing memory corruption. If patching is not immediately possible, avoid processing untrusted or malformed DICOM files with dcm2img, especially those with Photometric Interpretation "YBR_FULL" and Planar Configuration "1". Restrict local access to systems running vulnerable DCMTK versions to trusted users only. Monitoring and logging warnings about invalid image data can also help identify attempts to trigger the vulnerability. [2, 3]
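
The following pre-screen is an added example, not code from this page or from DCMTK: it flags uncompressed files with Photometric Interpretation "YBR_FULL" and Planar Configuration "1" whose PixelData holds fewer bytes than the declared geometry requires, so they can be held back from dcm2img on unpatched hosts. It assumes Explicit VR Little Endian encoding with defined lengths; `scan`, `triage` and `sample` are hypothetical names, and the sample dataset is constructed.

```python
import struct

# Attributes that fix the expected size of uncompressed PixelData (7FE0,0010).
TAGS = {(0x0028, 0x0002): "samples", (0x0028, 0x0004): "photometric",
        (0x0028, 0x0006): "planar", (0x0028, 0x0008): "frames",
        (0x0028, 0x0010): "rows", (0x0028, 0x0011): "cols",
        (0x0028, 0x0100): "bits", (0x7FE0, 0x0010): "pixel_len"}
LONG_VRS = {b"OB", b"OW", b"OF", b"OD", b"OL", b"SQ", b"UC", b"UR", b"UT", b"UN"}

def scan(data: bytes) -> dict:
    """Walk top-level Explicit VR Little Endian elements and collect TAGS."""
    info, pos = {}, (132 if data[128:132] == b"DICM" else 0)  # skip Part 10 preamble
    while pos + 8 <= len(data):
        tag = struct.unpack_from("<HH", data, pos)
        vr = data[pos + 4:pos + 6]
        if vr in LONG_VRS:                          # 2 reserved bytes, 32-bit length
            length, start = struct.unpack_from("<I", data, pos + 8)[0], pos + 12
        else:                                       # 16-bit length
            length, start = struct.unpack_from("<H", data, pos + 6)[0], pos + 8
        if length == 0xFFFFFFFF:
            raise ValueError("undefined length (sequence/encapsulated) not handled")
        value = data[start:start + length]
        name = TAGS.get(tag)
        if name == "pixel_len":
            info[name] = len(value)                 # bytes actually present in the file
        elif name and vr == b"US":
            info[name] = struct.unpack("<H", value)[0]
        elif name:                                  # CS / IS text values
            info[name] = value.decode("ascii").strip(" \0")
        pos = start + length
    return info

def triage(data: bytes):
    """Return expected/missing PixelData bytes and a verdict, or None if not an image."""
    i = scan(data)
    if not all(k in i for k in ("rows", "cols", "samples", "bits")):
        return None
    expected = (i["rows"] * i["cols"] * i["samples"] * ((i["bits"] + 7) // 8)
                * int(i.get("frames", 1)))
    missing = max(0, expected - i.get("pixel_len", 0))
    layout = i.get("photometric") == "YBR_FULL" and i.get("planar") == 1
    return {"expected": expected, "missing": missing, "quarantine": layout and missing > 0}

def sample(pixel_bytes: int) -> bytes:
    """Constructed 4x4 dataset: YBR_FULL, Planar Configuration 1, 8 bits, 3 samples."""
    us = lambda e, v: struct.pack("<HH2sHH", 0x0028, e, b"US", 2, v)
    return (us(0x0002, 3) + struct.pack("<HH2sH", 0x0028, 0x0004, b"CS", 8) + b"YBR_FULL"
            + us(0x0006, 1) + us(0x0010, 4) + us(0x0011, 4) + us(0x0100, 8)
            + struct.pack("<HH2sHI", 0x7FE0, 0x0010, b"OB", 0, pixel_bytes) + bytes(pixel_bytes))
```

Files in other transfer syntaxes raise or return `None` here and need a full DICOM parser; treat those as unscreened rather than safe.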