| Package | dcmtk |
|---|---|
| Version | 3.6.4-2.1+deb10u5 (buster) |
| Related CVEs | CVE-2025-14607 CVE-2025-14841 |
Two vulnerabilities have been addressed in DCMTK, a collection of libraries and applications implementing large parts of the DICOM standard for medical images.
CVE-2025-14607
Possible memory corruption caused by illegal attributes in datasets which
are processed by DcmByteString functions.
CVE-2025-14841
Invalid messages sent to dcmqrscp, the Image Central Test Node, may
trigger a segmentation fault due to a NULL pointer being de-referenced.
For Debian 10 buster, these problems have been fixed in version 3.6.4-2.1+deb10u5.
We recommend that you upgrade your dcmtk packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.