| Package | dcmtk |
|---|---|
| Version | 3.6.4-2.1+deb10u4 (buster) |
| Related CVEs | CVE-2020-36855 CVE-2022-4981 CVE-2025-9732 |

Several vulnerabilities have been fixed in DCMTK, a collection of libraries and applications implementing large parts of the DICOM standard for medical images.

CVE-2025-9732

Processing an invalid DICOM image with a Photometric Interpretation of "YBR_FULL" and a Planar Configuration of "1", in which the number of pixels stored does not match the expected number of pixels, may lead to memory corruption.

CVE-2022-4981

Various issues in the dcmqrscp configuration file parser could cause application crashes when reading a malformed configuration file, due to insufficient checks of the input data.

CVE-2020-36855

Stack-based overflow in the dcmqrscp config parser.

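
The class of check that CVE-2025-9732 concerns, as an added illustration that is not DCMTK's code or its patch: the stored pixel data length is compared with the size the image header implies before the colour planes are read. `FrameInfo`, `expected_frame_bytes` and `planar_to_interleaved` are hypothetical names, and the sketch assumes a single 8-bit frame.

```cpp
#include <cstddef>
#include <cstdint>
#include <limits>
#include <vector>

// Hypothetical holder for the DICOM attributes that fix the frame size.
struct FrameInfo {
    uint16_t rows, columns;
    uint16_t samples_per_pixel;  // 3 for YBR_FULL
    uint16_t bits_allocated;     // this sketch handles 8 only
};

// Bytes one frame must contain; 0 means the header is unusable.
size_t expected_frame_bytes(const FrameInfo& f) {
    if (f.rows == 0 || f.columns == 0) return 0;
    if (f.samples_per_pixel != 3 || f.bits_allocated != 8) return 0;
    // 65535 * 65535 * 3 fits in 64 bits, so this product cannot wrap.
    uint64_t n = uint64_t(f.rows) * f.columns * f.samples_per_pixel;
    if (n > std::numeric_limits<size_t>::max()) return 0;
    return static_cast<size_t>(n);
}

// Planar Configuration 1 stores whole planes (all Y, all Cb, all Cr).
// Interleave them per pixel, refusing input shorter than the header implies.
bool planar_to_interleaved(const FrameInfo& f,
                           const std::vector<uint8_t>& stored,
                           std::vector<uint8_t>& out) {
    const size_t need = expected_frame_bytes(f);
    if (need == 0 || stored.size() < need) return false;  // mismatch: reject
    // Bytes beyond `need` (e.g. the even-length pad byte) are never read.
    const size_t plane = need / 3;
    out.assign(need, 0);
    for (size_t i = 0; i < plane; ++i) {
        out[3 * i]     = stored[i];              // Y
        out[3 * i + 1] = stored[plane + i];      // Cb
        out[3 * i + 2] = stored[2 * plane + i];  // Cr
    }
    return true;
}

int main() {
    // Constructed sample: header claims 2x2 pixels (12 bytes), file has 8.
    FrameInfo f{2, 2, 3, 8};
    std::vector<uint8_t> truncated(8, 0x80), out;
    return planar_to_interleaved(f, truncated, out) ? 1 : 0;  // 0: rejected
}
```
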
For Debian 10 buster, these problems have been fixed in version 3.6.4-2.1+deb10u4.
We recommend that you upgrade your dcmtk packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.