DEBIAN-CVE-2022-2119

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2022-2119
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2022-2119.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2022-2119
Upstream
Published
2022-06-24T15:15:10Z
Modified
2025-09-19T07:32:09.219741Z
Summary
[none]
Details

OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.

References

Affected packages

Debian:11 / dcmtk

Package

Name
dcmtk
Purl
pkg:deb/debian/dcmtk?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.6.5-1+deb11u4

Affected versions

3.*

3.6.5-1
3.6.5-1+deb11u1
3.6.5-1+deb11u2
3.6.5-1+deb11u3

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / dcmtk

Package

Name
dcmtk
Purl
pkg:deb/debian/dcmtk?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.6.7-6

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / dcmtk

Package

Name
dcmtk
Purl
pkg:deb/debian/dcmtk?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.6.7-6

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:14 / dcmtk

Package

Name
dcmtk
Purl
pkg:deb/debian/dcmtk?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.6.7-6

Ecosystem specific 

{
    "urgency": "not yet assigned"
}