DEBIAN-CVE-2021-41687

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2021-41687
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2021-41687.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2021-41687
Upstream
Published
2022-06-28T13:15:10.213Z
Modified
2025-11-17T04:23:08.298679Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

DCMTK through 3.6.6 does not handle memory free properly. The program malloc a heap memory for parsing data, but does not free it when error in parsing. Sending specific requests to the dcmqrdb program incur the memory leak. An attacker can use it to launch a DoS attack.

References

Affected packages

Debian:11 / dcmtk

Package

Name
dcmtk
Purl
pkg:deb/debian/dcmtk?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.6.5-1+deb11u1

Affected versions

3.*

3.6.5-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / dcmtk

Package

Name
dcmtk
Purl
pkg:deb/debian/dcmtk?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.6.7-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / dcmtk

Package

Name
dcmtk
Purl
pkg:deb/debian/dcmtk?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.6.7-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:14 / dcmtk

Package

Name
dcmtk
Purl
pkg:deb/debian/dcmtk?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.6.7-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}