Offis · Dcmtk · CVE-2026-10194
**Name of the Vulnerable Software and Affected Versions**
OFFIS DCMTK version 3.7.0
**Description**
A heap-based buffer overflow in the `dcmqrscp` component can be triggered remotely. The issue resides in the `DcmQueryRetrieveIndexDatabaseHandle::deleteOldestImages()` function in `dcmqrdb/libsrc/dcmqrdbi.cc`.
**Recommendations**
Apply patch 0f78a4ef6f645ea5530166e445e5436a5de58e75 to version 3.7.0.