← back
CVE-2022-2119

OFFIS DCMTK Path Traversal

CVSS 7.5 HIGHEPSS 2.8%CWE-22
OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
OFFIS · DCMTK

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://lists.debian.org/debian-lts-announce/2025/06/msg00025.htmlhttps://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01