← back
CVE-2022-2120

OFFIS DCMTK Path Traversal

CVSS 7.5 HIGHEPSS 2.8%CWE-23
OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
OFFIS · DCMTK

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://lists.debian.org/debian-lts-announce/2025/06/msg00025.htmlhttps://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01