PT-2025-42892 · Dcmtk+1

Zh_Vul · Published 2025-10-21 · Updated 2025-11-03 · CVE-2020-36855

CVSS v3.1: 5.5 Medium
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: DCMTK versions up to 3.6.5

Description: A security issue exists in DCMTK related to the parseQuota function within the dcmqrscp component. Manipulation of the StorageQuota argument can lead to a stack-based buffer overflow. Local access is required for exploitation, and the exploit has been publicly disclosed.

Recommendations: Upgrade to version 3.6.6 or later to address this issue.

Exploit · Fix · Buffer Overflow · Stack Overflow

Weakness Enumeration

Related Identifiers

BDU:2025-16069
CVE-2020-36855
DLA-4363-1

Affected Products

Dcmtk
Debian