CVE-2026-5663

OFFIS DCMTK storescp storescp.cc executeOnEndOfStudy os command injection

CVSS 6.9 MEDIUMEPSS 1.7%CWE-77 CWE-78

A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnReception/executeOnEndOfStudy of the file dcmnet/apps/storescp.cc of the component storescp. Performing a manipulation results in os command injection. Remote exploitation of the attack is possible. The patch is named edbb085e45788dccaf0e64d71534cfca925784b8. Applying a patch is the recommended action to fix this issue.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

Produtos afetados

OFFIS · DCMTK

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/DCMTK/dcmtk/commit/edbb085e45788dccaf0e64d71534cfca925784b8 https://machinespirits.com/advisory/2e1627/https://support.dcmtk.org/redmine/issues/1194 https://vuldb.com/submit/786061 https://vuldb.com/vuln/355486 https://vuldb.com/vuln/355486/cti