CVE-2025-14607
Unknown Unknown - Not Provided
Remote Memory Corruption in OFFIS DCMTK dcmdata Component

Publication date: 2025-12-13

Last updated on: 2025-12-13

Assigner: VulDB

Description
A vulnerability was detected in OFFIS DCMTK up to 3.6.9. Affected by this issue is the function DcmByteString::makeDicomByteString of the file dcmdata/libsrc/dcbytstr.cc of the component dcmdata. The manipulation results in memory corruption. The attack can be launched remotely. Upgrading to version 3.7.0 can resolve this issue. The patch is identified as 4c0e5c10079392c594d6a7abd95dd78ac0aa556a. You should upgrade the affected component.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-13
Last Modified
2025-12-13
Generated
2026-06-16
AI Q&A
2025-12-13
EPSS Evaluated
2026-06-15
NVD
CVE-2025-14607
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
offis dcmtk 3.7.0
offis dcmtk 3.6.9
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Detection Guidance

This vulnerability can be detected by monitoring for crashes or segmentation faults in the DCMTK dcmqrscp tool when it receives malformed or invalid DICOM messages, especially those containing illegal odd-length text Value Representation (VR) attributes. Since the issue arises from processing such malformed DICOM datasets, detection involves capturing and analyzing network traffic for suspicious or malformed DICOM messages. You can use network packet capture tools like Wireshark or tcpdump to capture DICOM traffic on port 104 (default DICOM port) and then analyze the payload for odd-length text VR attributes or malformed datasets. Additionally, monitoring the logs of the dcmqrscp service for segmentation faults or crashes can help detect exploitation attempts. Specific commands include: 1. Capture DICOM traffic with tcpdump: tcpdump -i <interface> port 104 -w dicom_traffic.pcap 2. Analyze captured traffic with Wireshark, filtering for DICOM protocol and inspecting attribute lengths. 3. Monitor dcmqrscp logs or system logs for segmentation faults or crashes: journalctl -u dcmqrscp.service or tail -f /var/log/syslog 4. Use tools or scripts to parse DICOM files or network captures to identify odd-length text VR attributes. Since the vulnerability is triggered by illegal odd-length text VR attributes, custom scripts or tools that validate DICOM datasets for compliance can be used to detect vulnerable inputs. The best mitigation is upgrading to DCMTK version 3.7.0, which fixes the issue. [1, 2, 6]

Compliance Impact

The provided resources do not contain information on how CVE-2025-14607 affects compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

This vulnerability exists in the OFFIS DCMTK software up to version 3.6.9, specifically in the function DcmByteString::makeDicomByteString within the dcmdata component. It involves manipulation that leads to memory corruption. An attacker can exploit this vulnerability remotely. Upgrading to version 3.7.0 resolves the issue.

Impact Analysis

The vulnerability can lead to memory corruption, which may cause the affected software to behave unpredictably, potentially leading to crashes or allowing an attacker to execute arbitrary code remotely. This can compromise the confidentiality, integrity, and availability of the system using the vulnerable component.

Mitigation Strategies

Upgrade the affected OFFIS DCMTK component to version 3.7.0, as this version contains the patch that resolves the memory corruption vulnerability in the function DcmByteString::makeDicomByteString.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14607. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart