Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-25475

A NULL pointer dereference in the component /libsrc/dcrleccd.cc of DCMTK v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DICOM file.

Published

2025-02-18T23:15:10.720

Last Modified

2025-11-04T20:40:26.633

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-476

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	offis	dcmtk	3.6.9	Yes
Operating System	debian	debian_linux	11.0	Yes

References

https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=bffa3e9116abb7038b432443f16b1bd390e80245 Patch ([email protected])
https://github.com/DCMTK/dcmtk/commit/bffa3e9116abb7038b432443f16b1bd390e80245 Patch ([email protected])
https://lists.debian.org/debian-lts-announce/2025/06/msg00025.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)