CVE-2025-14841
Null Pointer Dereference in OFFIS DCMTK dcmqrscp Component
Publication date: 2025-12-18
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| offis | dcmtk | 3.6.9 |
| offis | dcmtk | 3.7.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-14841 is a null pointer dereference vulnerability in the OFFIS DCMTK library up to version 3.6.9, specifically in the dcmqrscp component. It occurs in the functions startFindRequest and startMoveRequest when handling invalid or unknown input, which leads to dereferencing a NULL pointer. This causes the application to crash or exit unexpectedly, resulting in a denial of service. Exploitation requires local access and is considered easy. The issue was fixed in version 3.7.0 by adding checks to prevent copying from NULL pointers. [1, 3, 4, 5, 6]
How can this vulnerability impact me? :
This vulnerability can cause the DCMTK dcmqrscp service to crash due to a null pointer dereference, leading to a denial of service (DoS) condition. This means that the affected application or service becomes unavailable, potentially disrupting operations that rely on DICOM query/retrieve functionality. Since exploitation requires local access, an attacker with such access can cause service interruptions. [1, 3, 4, 6]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability causes the dcmqrscp service in OFFIS DCMTK (up to version 3.6.9) to crash due to a NULL pointer dereference when handling certain invalid DICOM query/retrieve requests. Detection can involve monitoring the dcmqrscp service for unexpected crashes or segmentation faults. Since exploitation requires local access and triggers a denial of service, checking system logs for crashes related to dcmqrscp or running the service under a debugger to catch segmentation faults may help. There is no specific command-line detection tool or signature provided in the resources. However, you can monitor the process status with commands like 'ps' or 'systemctl status dcmqrscp' and check logs for crashes. Additionally, testing with crafted DICOM query or move requests that trigger the NULL pointer dereference (if safe and controlled) can confirm vulnerability presence. [1, 3, 4]
What immediate steps should I take to mitigate this vulnerability?
The immediate and recommended mitigation is to upgrade OFFIS DCMTK to version 3.7.0 or later, which includes a patch that fixes the NULL pointer dereference issue in the dcmqrscp component. The patch adds proper NULL checks before copying strings in the affected functions, preventing crashes. Until the upgrade can be applied, limiting local access to the affected system and monitoring the dcmqrscp service for crashes can reduce risk. The patch and updated version are available on the official DCMTK GitHub repository. [1, 2, 5, 6]