vulnerability

Debian: CVE-2025-14607: dcmtk -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:S/C:P/I:P/A:P)	Jan 21, 2026	Jan 21, 2026	Jan 21, 2026

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:P/A:P)

Published

Jan 21, 2026

Added

Jan 21, 2026

Modified

Jan 21, 2026

Description

A vulnerability was detected in OFFIS DCMTK up to 3.6.9. Affected by this issue is the function DcmByteString::makeDicomByteString of the file dcmdata/libsrc/dcbytstr.cc of the component dcmdata. The manipulation results in memory corruption. The attack can be launched remotely. Upgrading to version 3.7.0 can resolve this issue. The patch is identified as 4c0e5c10079392c594d6a7abd95dd78ac0aa556a. You should upgrade the affected component.

Solution

debian-upgrade-dcmtk

References

CVE-2025-14607
https://attackerkb.com/topics/CVE-2025-14607
CWE-119
DEBIAN-DLA-4443-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today