PT-2021-23374 · Dcmtk+5
Jinsheng Ba · Published 2021-07-16 · Updated 2025-04-03
CVE-2021-41688
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
DCMTK versions prior to 3.6.7
Description
The issue is related to improper memory handling, where an object's memory is freed but its address is still used elsewhere in the program. This can lead to a double free condition when specific requests are sent to the dcmqrdb program, allowing an attacker to launch a denial-of-service (DoS) attack.
Recommendations
For DCMTK versions prior to 3.6.7, update to version 3.6.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the dcmqrdb program to minimize the risk of exploitation.
Fix
DoS
Double Free
Affected Products
Alt Linux
Astra Linux
Dcmtk
Linuxmint
Red Os
Ubuntu