CVE-2025-14607
Remote Memory Corruption in OFFIS DCMTK dcmdata Component
Publication date: 2025-12-13
Last updated on: 2025-12-13
Assigner: VulDB
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| offis | dcmtk | 3.7.0 |
| offis | dcmtk | 3.6.9 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the OFFIS DCMTK software up to version 3.6.9, specifically in the function DcmByteString::makeDicomByteString within the dcmdata component. It involves manipulation that leads to memory corruption. An attacker can exploit this vulnerability remotely. Upgrading to version 3.7.0 resolves the issue.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for crashes or segmentation faults in the DCMTK dcmqrscp tool when it receives malformed or invalid DICOM messages, especially those containing illegal odd-length text Value Representation (VR) attributes. Since the issue arises from processing such malformed DICOM datasets, detection involves capturing and analyzing network traffic for suspicious or malformed DICOM messages.

You can use network packet capture tools like Wireshark or tcpdump to capture DICOM traffic on port 104 (default DICOM port) and then analyze the payload for odd-length text VR attributes or malformed datasets. Additionally, monitoring the logs of the dcmqrscp service for segmentation faults or crashes can help detect exploitation attempts. Specific commands include:

1. Capture DICOM traffic with tcpdump: `tcpdump -i <interface> port 104 -w dicom_traffic.pcap`
2. Analyze captured traffic with Wireshark, filtering for DICOM protocol and inspecting attribute lengths.
3. Monitor dcmqrscp logs or system logs for segmentation faults or crashes: `journalctl -u dcmqrscp.service` or `tail -f /var/log/syslog`
4. Use tools or scripts to parse DICOM files or network captures to identify odd-length text VR attributes.

Since the vulnerability is triggered by illegal odd-length text VR attributes, custom scripts or tools that validate DICOM datasets for compliance can be used to detect vulnerable inputs. The best mitigation is upgrading to DCMTK version 3.7.0, which fixes the issue. [1, 2, 6]
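One way to write the dataset check from step 4, as an added example (not DCMTK code and not from the original page). It assumes the dataset has already been extracted from the file or capture and is encoded as Explicit VR Little Endian; the VR sets follow DICOM PS3.5, and `find_odd_text_elements`, `make_element` and `SAMPLE` are illustrative names.

```python
import struct

# String-valued VRs per DICOM PS3.5; their values must have even length.
TEXT_VRS = {"AE", "AS", "CS", "DA", "DS", "DT", "IS", "LO", "LT",
            "PN", "SH", "ST", "TM", "UC", "UI", "UR", "UT"}
# VRs encoded with 2 reserved bytes followed by a 32-bit length.
LONG_VRS = {"OB", "OD", "OF", "OL", "OV", "OW", "SQ", "SV", "UC",
            "UN", "UR", "UT", "UV"}

def find_odd_text_elements(data: bytes):
    """Return (tag, vr, length) for each text-VR element with odd length."""
    findings, pos = [], 0
    while pos + 8 <= len(data):
        group, elem = struct.unpack_from("<HH", data, pos)
        if group == 0xFFFE:          # item or delimiter: no VR, 8-byte header
            pos += 8                 # contents follow inline, keep walking
            continue
        vr = data[pos + 4:pos + 6].decode("ascii", "replace")
        if vr in LONG_VRS:
            if pos + 12 > len(data):
                break                # truncated header
            (length,) = struct.unpack_from("<I", data, pos + 8)
            pos += 12
        else:
            (length,) = struct.unpack_from("<H", data, pos + 6)
            pos += 8
        if vr == "SQ":
            continue                 # sequence items follow inline
        if length == 0xFFFFFFFF:
            break                    # encapsulated pixel data: stop here
        if vr in TEXT_VRS and length % 2:
            findings.append((f"({group:04X},{elem:04X})", vr, length))
        pos += length
    return findings

def make_element(group, elem, vr, value):
    """Encode one short-form explicit-VR element (for constructed samples)."""
    return struct.pack("<HH2sH", group, elem, vr.encode(), len(value)) + value

# Constructed sample dataset, not taken from any real capture.
SAMPLE = (
    make_element(0x0008, 0x0060, "CS", b"CT")        # even length
    + make_element(0x0010, 0x0010, "PN", b"DOE^J")   # 5 bytes: odd
    + make_element(0x0010, 0x0020, "LO", b"ID1234")  # even length
    + make_element(0x0028, 0x0010, "US", struct.pack("<H", 512))  # not text
)
if __name__ == "__main__":
    for tag, vr, length in find_odd_text_elements(SAMPLE):
        print(f"odd-length {vr} element {tag}: {length} bytes")
```

A Part 10 file needs its 128-byte preamble and `DICM` marker stripped first, and datasets in an implicit-VR transfer syntax need a data dictionary to recover the VR, which this check does not cover.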
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided resources do not contain information on how CVE-2025-14607 affects compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability impact me?
The vulnerability can lead to memory corruption, which may cause the affected software to behave unpredictably, potentially leading to crashes or allowing an attacker to execute arbitrary code remotely. This can compromise the confidentiality, integrity, and availability of the system using the vulnerable component.
What immediate steps should I take to mitigate this vulnerability?
Upgrade the affected OFFIS DCMTK component to version 3.7.0, as this version contains the patch that resolves the memory corruption vulnerability in the function DcmByteString::makeDicomByteString.