CVE-2022-4981
BaseFortify
Publication date: 2025-10-21
Last updated on: 2026-04-29
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| offis | dcmtk | up to 3.6.8 (exclusive) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
Upgrade the affected DCMTK component to version 3.6.8 or later, as this version contains the patch that resolves the vulnerability.
Can you explain this vulnerability to me?
This vulnerability exists in DCMTK up to version 3.6.7, specifically in the function DcmQueryRetrieveConfig::readPeerList within the dcmqrscp component. Manipulation of this function leads to a null pointer dereference, which can cause a crash or denial of service. Exploitation requires local access.
How can this vulnerability impact me?
The vulnerability can cause a denial of service by crashing the affected application due to a null pointer dereference. Since the attack requires local access, it may impact availability if exploited by an authorized user or attacker with local access.