CVE-2021-41690

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions DCMTK versions 3.6.6 and earlier

Description The issue is related to improper memory handling in the DCMTK library, specifically with the global variable LST, which records allocated memory for storing file information but does not free it properly. This can lead to a memory leak when specific requests are sent to the dcmqrdb program, allowing an attacker to launch a denial-of-service (DoS) attack.

Recommendations For DCMTK versions 3.6.6 and earlier, as a temporary workaround, consider restricting access to the dcmqrdb program to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401

Related Identifiers

ALT-PU-2024-15767

ALT-PU-2024-5081

ALT-PU-2025-4731

BDU:2025-03972

CVE-2021-41690

DLA-3847-1

DLA-4038-1

DLA-4038-2

MGASA-2023-0083

ROSA-SA-2025-2643

USN-5882-1

USN-7010-1

Affected Products

Alt Linux

Astra Linux

Dcmtk

Linuxmint

Red Os

Ubuntu

CVE-2021-41690

Weakness Enumeration

Related Identifiers

Affected Products

References · 42