csaf_opensuse - opensuse-su-2023:0108-1

opensuse-su-2023:0108-1

Vulnerability from csaf_opensuse

Published

2023-05-14 22:01

Modified

2023-05-14 22:01

Summary

Security update for dcmtk

Notes

Title of the patch

Security update for dcmtk

Description of the patch

This update for dcmtk fixes the following issues: - CVE-2022-43272: Fixed memory leak via the T_ASC_Association object (boo#1206070) - Update to 3.6.7 (boo#1208639, boo#1208638, boo#1208637, CVE-2022-2121, CVE-2022-2120, CVE-2022-2119) - CVE-2022-2121: Fixed possible DoS via NULL pointer dereference - CVE-2022-2120: Fixed relative path traversal vulnerability - CVE-2022-2119: Fixed path traversal vulnerability See DOCS/CHANGES.367 for the full list of changes * Updated code definitions for DICOM 2022b * Fixed possible NULL pointer dereference

Patchnames

openSUSE-2023-108

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for dcmtk",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for dcmtk fixes the following issues:\n\n- CVE-2022-43272: Fixed memory leak via the T_ASC_Association object (boo#1206070)\n\n- Update to 3.6.7 (boo#1208639, boo#1208638, boo#1208637,\n  CVE-2022-2121, CVE-2022-2120, CVE-2022-2119)\n  - CVE-2022-2121: Fixed possible DoS via NULL pointer dereference\n  - CVE-2022-2120: Fixed relative path traversal vulnerability\n  - CVE-2022-2119: Fixed path traversal vulnerability\n\n  See DOCS/CHANGES.367 for the full list of changes\n\n  * Updated code definitions for DICOM 2022b\n  * Fixed possible NULL pointer dereference\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2023-108",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2023_0108-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2023:0108-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MKL5XGJX4U2PD4XAVAZG2YAU2LYKLQIH/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2023:0108-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MKL5XGJX4U2PD4XAVAZG2YAU2LYKLQIH/"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1206070",
        "url": "https://bugzilla.suse.com/1206070"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1208637",
        "url": "https://bugzilla.suse.com/1208637"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1208638",
        "url": "https://bugzilla.suse.com/1208638"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1208639",
        "url": "https://bugzilla.suse.com/1208639"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-2119 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-2119/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-2120 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-2120/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-2121 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-2121/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-43272 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-43272/"
      }
    ],
    "title": "Security update for dcmtk",
    "tracking": {
      "current_release_date": "2023-05-14T22:01:36Z",
      "generator": {
        "date": "2023-05-14T22:01:36Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2023:0108-1",
      "initial_release_date": "2023-05-14T22:01:36Z",
      "revision_history": [
        {
          "date": "2023-05-14T22:01:36Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "dcmtk-3.6.7-bp154.2.3.1.aarch64",
                "product": {
                  "name": "dcmtk-3.6.7-bp154.2.3.1.aarch64",
                  "product_id": "dcmtk-3.6.7-bp154.2.3.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
                "product": {
                  "name": "dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
                  "product_id": "dcmtk-devel-3.6.7-bp154.2.3.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
                "product": {
                  "name": "libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
                  "product_id": "libdcmtk17-3.6.7-bp154.2.3.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "dcmtk-3.6.7-bp154.2.3.1.i586",
                "product": {
                  "name": "dcmtk-3.6.7-bp154.2.3.1.i586",
                  "product_id": "dcmtk-3.6.7-bp154.2.3.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "dcmtk-devel-3.6.7-bp154.2.3.1.i586",
                "product": {
                  "name": "dcmtk-devel-3.6.7-bp154.2.3.1.i586",
                  "product_id": "dcmtk-devel-3.6.7-bp154.2.3.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libdcmtk17-3.6.7-bp154.2.3.1.i586",
                "product": {
                  "name": "libdcmtk17-3.6.7-bp154.2.3.1.i586",
                  "product_id": "libdcmtk17-3.6.7-bp154.2.3.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "dcmtk-3.6.7-bp154.2.3.1.ppc64le",
                "product": {
                  "name": "dcmtk-3.6.7-bp154.2.3.1.ppc64le",
                  "product_id": "dcmtk-3.6.7-bp154.2.3.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
                "product": {
                  "name": "dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
                  "product_id": "dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
                "product": {
                  "name": "libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
                  "product_id": "libdcmtk17-3.6.7-bp154.2.3.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "dcmtk-3.6.7-bp154.2.3.1.s390x",
                "product": {
                  "name": "dcmtk-3.6.7-bp154.2.3.1.s390x",
                  "product_id": "dcmtk-3.6.7-bp154.2.3.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
                "product": {
                  "name": "dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
                  "product_id": "dcmtk-devel-3.6.7-bp154.2.3.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libdcmtk17-3.6.7-bp154.2.3.1.s390x",
                "product": {
                  "name": "libdcmtk17-3.6.7-bp154.2.3.1.s390x",
                  "product_id": "libdcmtk17-3.6.7-bp154.2.3.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "dcmtk-3.6.7-bp154.2.3.1.x86_64",
                "product": {
                  "name": "dcmtk-3.6.7-bp154.2.3.1.x86_64",
                  "product_id": "dcmtk-3.6.7-bp154.2.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
                "product": {
                  "name": "dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
                  "product_id": "dcmtk-devel-3.6.7-bp154.2.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libdcmtk17-3.6.7-bp154.2.3.1.x86_64",
                "product": {
                  "name": "libdcmtk17-3.6.7-bp154.2.3.1.x86_64",
                  "product_id": "libdcmtk17-3.6.7-bp154.2.3.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Package Hub 15 SP4",
                "product": {
                  "name": "SUSE Package Hub 15 SP4",
                  "product_id": "SUSE Package Hub 15 SP4"
                }
              },
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.4",
                "product": {
                  "name": "openSUSE Leap 15.4",
                  "product_id": "openSUSE Leap 15.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dcmtk-3.6.7-bp154.2.3.1.aarch64 as component of SUSE Package Hub 15 SP4",
          "product_id": "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.aarch64"
        },
        "product_reference": "dcmtk-3.6.7-bp154.2.3.1.aarch64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dcmtk-3.6.7-bp154.2.3.1.i586 as component of SUSE Package Hub 15 SP4",
          "product_id": "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.i586"
        },
        "product_reference": "dcmtk-3.6.7-bp154.2.3.1.i586",
        "relates_to_product_reference": "SUSE Package Hub 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dcmtk-3.6.7-bp154.2.3.1.ppc64le as component of SUSE Package Hub 15 SP4",
          "product_id": "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.ppc64le"
        },
        "product_reference": "dcmtk-3.6.7-bp154.2.3.1.ppc64le",
        "relates_to_product_reference": "SUSE Package Hub 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dcmtk-3.6.7-bp154.2.3.1.s390x as component of SUSE Package Hub 15 SP4",
          "product_id": "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.s390x"
        },
        "product_reference": "dcmtk-3.6.7-bp154.2.3.1.s390x",
        "relates_to_product_reference": "SUSE Package Hub 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dcmtk-3.6.7-bp154.2.3.1.x86_64 as component of SUSE Package Hub 15 SP4",
          "product_id": "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.x86_64"
        },
        "product_reference": "dcmtk-3.6.7-bp154.2.3.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dcmtk-devel-3.6.7-bp154.2.3.1.aarch64 as component of SUSE Package Hub 15 SP4",
          "product_id": "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64"
        },
        "product_reference": "dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dcmtk-devel-3.6.7-bp154.2.3.1.i586 as component of SUSE Package Hub 15 SP4",
          "product_id": "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.i586"
        },
        "product_reference": "dcmtk-devel-3.6.7-bp154.2.3.1.i586",
        "relates_to_product_reference": "SUSE Package Hub 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le as component of SUSE Package Hub 15 SP4",
          "product_id": "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le"
        },
        "product_reference": "dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
        "relates_to_product_reference": "SUSE Package Hub 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dcmtk-devel-3.6.7-bp154.2.3.1.s390x as component of SUSE Package Hub 15 SP4",
          "product_id": "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x"
        },
        "product_reference": "dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
        "relates_to_product_reference": "SUSE Package Hub 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dcmtk-devel-3.6.7-bp154.2.3.1.x86_64 as component of SUSE Package Hub 15 SP4",
          "product_id": "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64"
        },
        "product_reference": "dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libdcmtk17-3.6.7-bp154.2.3.1.aarch64 as component of SUSE Package Hub 15 SP4",
          "product_id": "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64"
        },
        "product_reference": "libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libdcmtk17-3.6.7-bp154.2.3.1.i586 as component of SUSE Package Hub 15 SP4",
          "product_id": "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.i586"
        },
        "product_reference": "libdcmtk17-3.6.7-bp154.2.3.1.i586",
        "relates_to_product_reference": "SUSE Package Hub 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libdcmtk17-3.6.7-bp154.2.3.1.ppc64le as component of SUSE Package Hub 15 SP4",
          "product_id": "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le"
        },
        "product_reference": "libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
        "relates_to_product_reference": "SUSE Package Hub 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libdcmtk17-3.6.7-bp154.2.3.1.s390x as component of SUSE Package Hub 15 SP4",
          "product_id": "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.s390x"
        },
        "product_reference": "libdcmtk17-3.6.7-bp154.2.3.1.s390x",
        "relates_to_product_reference": "SUSE Package Hub 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libdcmtk17-3.6.7-bp154.2.3.1.x86_64 as component of SUSE Package Hub 15 SP4",
          "product_id": "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64"
        },
        "product_reference": "libdcmtk17-3.6.7-bp154.2.3.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dcmtk-3.6.7-bp154.2.3.1.aarch64 as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.aarch64"
        },
        "product_reference": "dcmtk-3.6.7-bp154.2.3.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dcmtk-3.6.7-bp154.2.3.1.i586 as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.i586"
        },
        "product_reference": "dcmtk-3.6.7-bp154.2.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dcmtk-3.6.7-bp154.2.3.1.ppc64le as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.ppc64le"
        },
        "product_reference": "dcmtk-3.6.7-bp154.2.3.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dcmtk-3.6.7-bp154.2.3.1.s390x as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.s390x"
        },
        "product_reference": "dcmtk-3.6.7-bp154.2.3.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dcmtk-3.6.7-bp154.2.3.1.x86_64 as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.x86_64"
        },
        "product_reference": "dcmtk-3.6.7-bp154.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dcmtk-devel-3.6.7-bp154.2.3.1.aarch64 as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64"
        },
        "product_reference": "dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dcmtk-devel-3.6.7-bp154.2.3.1.i586 as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.i586"
        },
        "product_reference": "dcmtk-devel-3.6.7-bp154.2.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le"
        },
        "product_reference": "dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dcmtk-devel-3.6.7-bp154.2.3.1.s390x as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x"
        },
        "product_reference": "dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dcmtk-devel-3.6.7-bp154.2.3.1.x86_64 as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64"
        },
        "product_reference": "dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libdcmtk17-3.6.7-bp154.2.3.1.aarch64 as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64"
        },
        "product_reference": "libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libdcmtk17-3.6.7-bp154.2.3.1.i586 as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.i586"
        },
        "product_reference": "libdcmtk17-3.6.7-bp154.2.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libdcmtk17-3.6.7-bp154.2.3.1.ppc64le as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le"
        },
        "product_reference": "libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libdcmtk17-3.6.7-bp154.2.3.1.s390x as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.s390x"
        },
        "product_reference": "libdcmtk17-3.6.7-bp154.2.3.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libdcmtk17-3.6.7-bp154.2.3.1.x86_64 as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64"
        },
        "product_reference": "libdcmtk17-3.6.7-bp154.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-2119",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-2119"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "OFFIS DCMTK\u0027s (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
          "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.i586",
          "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
          "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.s390x",
          "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
          "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
          "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
          "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
          "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
          "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
          "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
          "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
          "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
          "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
          "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64",
          "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
          "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.i586",
          "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
          "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.s390x",
          "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
          "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
          "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
          "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
          "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
          "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
          "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
          "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
          "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
          "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
          "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-2119",
          "url": "https://www.suse.com/security/cve/CVE-2022-2119"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1208637 for CVE-2022-2119",
          "url": "https://bugzilla.suse.com/1208637"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-05-14T22:01:36Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2022-2119"
    },
    {
      "cve": "CVE-2022-2120",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-2120"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "OFFIS DCMTK\u0027s (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
          "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.i586",
          "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
          "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.s390x",
          "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
          "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
          "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
          "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
          "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
          "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
          "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
          "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
          "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
          "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
          "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64",
          "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
          "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.i586",
          "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
          "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.s390x",
          "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
          "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
          "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
          "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
          "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
          "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
          "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
          "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
          "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
          "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
          "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-2120",
          "url": "https://www.suse.com/security/cve/CVE-2022-2120"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1208638 for CVE-2022-2120",
          "url": "https://bugzilla.suse.com/1208638"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-05-14T22:01:36Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2022-2120"
    },
    {
      "cve": "CVE-2022-2121",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-2121"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "OFFIS DCMTK\u0027s (All versions prior to 3.6.7) has a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-of-service condition.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
          "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.i586",
          "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
          "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.s390x",
          "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
          "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
          "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
          "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
          "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
          "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
          "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
          "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
          "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
          "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
          "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64",
          "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
          "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.i586",
          "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
          "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.s390x",
          "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
          "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
          "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
          "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
          "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
          "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
          "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
          "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
          "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
          "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
          "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-2121",
          "url": "https://www.suse.com/security/cve/CVE-2022-2121"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1208639 for CVE-2022-2121",
          "url": "https://bugzilla.suse.com/1208639"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-05-14T22:01:36Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-2121"
    },
    {
      "cve": "CVE-2022-43272",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-43272"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
          "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.i586",
          "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
          "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.s390x",
          "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
          "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
          "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
          "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
          "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
          "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
          "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
          "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
          "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
          "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
          "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64",
          "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
          "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.i586",
          "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
          "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.s390x",
          "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
          "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
          "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
          "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
          "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
          "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
          "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
          "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
          "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
          "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
          "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-43272",
          "url": "https://www.suse.com/security/cve/CVE-2022-43272"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1206070 for CVE-2022-43272",
          "url": "https://bugzilla.suse.com/1206070"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-05-14T22:01:36Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-43272"
    }
  ]
}

CVE-2022-2121 (GCVE-0-2022-2121)

Vulnerability from cvelistv5

Published

2022-06-24 15:00

Modified

2024-09-17 03:58

Severity ?

7.5 (High) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-476 - NULL Pointer Dereference

Summary

OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-of-service condition.

References

▼	URL	Tags
	https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01
	https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html	mailing-list

Impacted products

	Vendor	Product	Version
	OFFIS	DCMTK	Version: unspecified < 3.6.7

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:offis:dcmtk:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "dcmtk",
            "vendor": "offis",
            "versions": [
              {
                "lessThan": "3.6.7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-2121",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-26T20:06:15.328916Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-26T20:06:53.922Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:24:44.282Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01"
          },
          {
            "name": "[debian-lts-announce] 20240628 [SECURITY] [DLA 3847-1] dcmtk security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DCMTK",
          "vendor": "OFFIS",
          "versions": [
            {
              "lessThan": "3.6.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-06-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OFFIS DCMTK\u0027s (All versions prior to 3.6.7) has a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-of-service condition."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-28T19:06:16.657629",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01"
        },
        {
          "name": "[debian-lts-announce] 20240628 [SECURITY] [DLA 3847-1] dcmtk security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html"
        }
      ],
      "source": {
        "advisory": "ICSMA-22-174-01",
        "discovery": "UNKNOWN"
      },
      "title": "OFFIS DCMTK NULL Pointer Dereference",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2022-2121",
    "datePublished": "2022-06-24T15:00:19.612390Z",
    "dateReserved": "2022-06-17T00:00:00",
    "dateUpdated": "2024-09-17T03:58:59.394Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-43272 (GCVE-0-2022-43272)

Vulnerability from cvelistv5

Published

2022-12-02 00:00

Modified

2024-08-03 13:26

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

Summary

DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object.

References

▼	URL	Tags
	https://www.wolai.com/vaVuMxU4gGqFakbzvc9NYw
	https://github.com/songxpu/bug_report/tree/master/DCMTK/memory_leak_in_3.6.7
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R3QG7MSHORLYAHDXMYG6FQKU4GOCRBCR/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UMQ2USESKF6OAZAH64OFHNK2HJIJVGPP/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4HROBSUUV2LZCYUNODI2YM7G7AYYO75B/	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html	mailing-list

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:offis:dcmtk:3.6.7:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "dcmtk",
            "vendor": "offis",
            "versions": [
              {
                "status": "affected",
                "version": "3.6.7"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-43272",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-02T16:53:28.265409Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-02T16:58:53.969Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T13:26:02.872Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.wolai.com/vaVuMxU4gGqFakbzvc9NYw"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/songxpu/bug_report/tree/master/DCMTK/memory_leak_in_3.6.7"
          },
          {
            "name": "FEDORA-2023-fe6fa5696e",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R3QG7MSHORLYAHDXMYG6FQKU4GOCRBCR/"
          },
          {
            "name": "FEDORA-2023-83b529bd34",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UMQ2USESKF6OAZAH64OFHNK2HJIJVGPP/"
          },
          {
            "name": "FEDORA-2023-eda976b192",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4HROBSUUV2LZCYUNODI2YM7G7AYYO75B/"
          },
          {
            "name": "[debian-lts-announce] 20240628 [SECURITY] [DLA 3847-1] dcmtk security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-28T19:06:13.523663",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.wolai.com/vaVuMxU4gGqFakbzvc9NYw"
        },
        {
          "url": "https://github.com/songxpu/bug_report/tree/master/DCMTK/memory_leak_in_3.6.7"
        },
        {
          "name": "FEDORA-2023-fe6fa5696e",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R3QG7MSHORLYAHDXMYG6FQKU4GOCRBCR/"
        },
        {
          "name": "FEDORA-2023-83b529bd34",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UMQ2USESKF6OAZAH64OFHNK2HJIJVGPP/"
        },
        {
          "name": "FEDORA-2023-eda976b192",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4HROBSUUV2LZCYUNODI2YM7G7AYYO75B/"
        },
        {
          "name": "[debian-lts-announce] 20240628 [SECURITY] [DLA 3847-1] dcmtk security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-43272",
    "datePublished": "2022-12-02T00:00:00",
    "dateReserved": "2022-10-17T00:00:00",
    "dateUpdated": "2024-08-03T13:26:02.872Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-2120 (GCVE-0-2022-2120)

Vulnerability from cvelistv5

Published

2022-06-24 15:00

Modified

2025-04-16 17:52

Severity ?

7.5 (High) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-23 - Relative Path Traversal

Summary

OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.

References

▼	URL	Tags
	https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	OFFIS	DCMTK	Version: unspecified < 3.6.7

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:24:44.230Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-2120",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T17:28:32.967909Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T17:52:09.601Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DCMTK",
          "vendor": "OFFIS",
          "versions": [
            {
              "lessThan": "3.6.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-06-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "OFFIS DCMTK\u0027s (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "CWE-23 Relative Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-24T15:00:18.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01"
        }
      ],
      "source": {
        "advisory": "ICSMA-22-174-01",
        "discovery": "UNKNOWN"
      },
      "title": "OFFIS DCMTK Path Traversal",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2022-06-23T22:19:00.000Z",
          "ID": "CVE-2022-2120",
          "STATE": "PUBLIC",
          "TITLE": "OFFIS DCMTK Path Traversal"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "DCMTK",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "3.6.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "OFFIS"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OFFIS DCMTK\u0027s (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-23 Relative Path Traversal"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01",
              "refsource": "MISC",
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01"
            }
          ]
        },
        "source": {
          "advisory": "ICSMA-22-174-01",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2022-2120",
    "datePublished": "2022-06-24T15:00:18.707Z",
    "dateReserved": "2022-06-17T00:00:00.000Z",
    "dateUpdated": "2025-04-16T17:52:09.601Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-2119 (GCVE-0-2022-2119)

Vulnerability from cvelistv5

Published

2022-06-24 15:00

Modified

2025-04-16 17:52

Severity ?

7.5 (High) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Summary

OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.

References

▼	URL	Tags
	https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	OFFIS	DCMTK	Version: unspecified < 3.6.7

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:24:44.223Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-2119",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T17:28:29.247124Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T17:52:02.215Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DCMTK",
          "vendor": "OFFIS",
          "versions": [
            {
              "lessThan": "3.6.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-06-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "OFFIS DCMTK\u0027s (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-24T15:00:20.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01"
        }
      ],
      "source": {
        "advisory": "ICSMA-22-174-01",
        "discovery": "UNKNOWN"
      },
      "title": "OFFIS DCMTK Path Traversal",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2022-06-23T22:19:00.000Z",
          "ID": "CVE-2022-2119",
          "STATE": "PUBLIC",
          "TITLE": "OFFIS DCMTK Path Traversal"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "DCMTK",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "3.6.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "OFFIS"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OFFIS DCMTK\u0027s (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01",
              "refsource": "MISC",
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01"
            }
          ]
        },
        "source": {
          "advisory": "ICSMA-22-174-01",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2022-2119",
    "datePublished": "2022-06-24T15:00:20.534Z",
    "dateReserved": "2022-06-17T00:00:00.000Z",
    "dateUpdated": "2025-04-16T17:52:02.215Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

opensuse-su-2023:0108-1

Vulnerability from csaf_opensuse

CVE-2022-2121 (GCVE-0-2022-2121)

Vulnerability from cvelistv5

CVE-2022-43272 (GCVE-0-2022-43272)

Vulnerability from cvelistv5

CVE-2022-2120 (GCVE-0-2022-2120)

Vulnerability from cvelistv5

CVE-2022-2119 (GCVE-0-2022-2119)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature