ELA-1484-1 dcmtk security update

multiple vulnerabilities

2025-07-21
Package: dcmtk
Version: 3.6.1~20160216-4.1+deb9u2 (stretch), 3.6.4-2.1+deb10u3 (buster)
Related CVEs: CVE-2022-2119 CVE-2022-2120 CVE-2025-2357 CVE-2025-25472 CVE-2025-25474 CVE-2025-25475


Multiple vulnerabilities have been fixed in DCMTK, a collection of libraries and applications implementing large parts of the DICOM standard for medical images.

CVE-2022-2119

Path traversal vulnerability

CVE-2022-2120

Path traversal vulnerability

CVE-2025-2357

Segfault in JPEG-LS decoder

CVE-2025-25472

DoS with invalid mono images

CVE-2025-25474

Buffer overflow with invalid images

CVE-2025-25475

NULL pointer dereference


For Debian 10 buster, these problems have been fixed in version 3.6.4-2.1+deb10u3.

For Debian 9 stretch, these problems have been fixed in version 3.6.1~20160216-4.1+deb9u2.

We recommend that you upgrade your dcmtk packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.