ID CVE-2019-1010228
Summary OFFIS.de DCMTK 3.6.3 and below is affected by: Buffer Overflow. The impact is: Possible code execution and confirmed Denial of Service. The component is: DcmRLEDecoder::decompress() (file dcrledec.h, line 122). The attack vector is: Many scenarios of DICOM file processing (e.g. DICOM to image conversion). The fixed version is: 3.6.4, after commit 40917614e.
References
Vulnerable Configurations
  • cpe:2.3:a:offis:dcmtk:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:offis:dcmtk:3.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:offis:dcmtk:3.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:offis:dcmtk:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:offis:dcmtk:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:offis:dcmtk:3.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:offis:dcmtk:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:offis:dcmtk:3.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:offis:dcmtk:3.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:offis:dcmtk:3.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:offis:dcmtk:3.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:offis:dcmtk:3.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:offis:dcmtk:3.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:offis:dcmtk:3.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:offis:dcmtk:3.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:offis:dcmtk:3.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:offis:dcmtk:3.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:offis:dcmtk:3.6.3:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 18-04-2022 - 17:02)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
fedora
  • FEDORA-2019-12650a34d8
  • FEDORA-2019-4349fc0afb
misc https://support.dcmtk.org/redmine/issues/858
Last major update 18-04-2022 - 17:02
Published 22-07-2019 - 17:15
Last modified 18-04-2022 - 17:02