CVE-2025-14841
Unknown Unknown - Not Provided
Null Pointer Dereference in OFFIS DCMTK dcmqrscp Component

Publication date: 2025-12-18

Last updated on: 2026-04-29

Assigner: VulDB

Description
A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted element is the function DcmQueryRetrieveIndexDatabaseHandle::startFindRequest/DcmQueryRetrieveIndexDatabaseHandle::startMoveRequest in the library dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. This manipulation causes null pointer dereference. The attack requires local access. Upgrading to version 3.7.0 is sufficient to resolve this issue. Patch name: ffb1a4a37d2c876e3feeb31df4930f2aed7fa030. You should upgrade the affected component.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-18
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-12-18
EPSS Evaluated
2026-06-15
NVD
CVE-2025-14841
EUVD
EUVD-2025-204021
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
offis dcmtk 3.6.9
offis dcmtk 3.7.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
CWE-404 The product does not release or incorrectly releases a resource before it is made available for re-use.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-14841 is a null pointer dereference vulnerability in the OFFIS DCMTK library up to version 3.6.9, specifically in the dcmqrscp component. It occurs in the functions startFindRequest and startMoveRequest when handling invalid or unknown input, which leads to dereferencing a NULL pointer. This causes the application to crash or exit unexpectedly, resulting in a denial of service. Exploitation requires local access and is considered easy. The issue was fixed in version 3.7.0 by adding checks to prevent copying from NULL pointers. [1, 3, 4, 5, 6]

Impact Analysis

This vulnerability can cause the DCMTK dcmqrscp service to crash due to a null pointer dereference, leading to a denial of service (DoS) condition. This means that the affected application or service becomes unavailable, potentially disrupting operations that rely on DICOM query/retrieve functionality. Since exploitation requires local access, an attacker with such access can cause service interruptions. [1, 3, 4, 6]

Detection Guidance

This vulnerability causes the dcmqrscp service in OFFIS DCMTK (up to version 3.6.9) to crash due to a NULL pointer dereference when handling certain invalid DICOM query/retrieve requests. Detection can involve monitoring the dcmqrscp service for unexpected crashes or segmentation faults. Since exploitation requires local access and triggers a denial of service, checking system logs for crashes related to dcmqrscp or running the service under a debugger to catch segmentation faults may help. There is no specific command-line detection tool or signature provided in the resources. However, you can monitor the process status with commands like 'ps' or 'systemctl status dcmqrscp' and check logs for crashes. Additionally, testing with crafted DICOM query or move requests that trigger the NULL pointer dereference (if safe and controlled) can confirm vulnerability presence. [1, 3, 4]

Mitigation Strategies

The immediate and recommended mitigation is to upgrade OFFIS DCMTK to version 3.7.0 or later, which includes a patch that fixes the NULL pointer dereference issue in the dcmqrscp component. The patch adds proper NULL checks before copying strings in the affected functions, preventing crashes. Until the upgrade can be applied, limiting local access to the affected system and monitoring the dcmqrscp service for crashes can reduce risk. The patch and updated version are available on the official DCMTK GitHub repository. [1, 2, 5, 6]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14841. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart