PT-2025-51987 · Offis+1 · Dcmtk+1
Kendrickzou · Published 2025-12-18 · Updated 2026-02-16
CVE-2025-14841
CVSS v3.1: 3.3 (Low)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions
OFFIS DCMTK versions up to 3.6.9
Description
A flaw exists in the DCMTK library, specifically within the DcmQueryRetrieveIndexDatabaseHandle::startFindRequest and DcmQueryRetrieveIndexDatabaseHandle::startMoveRequest functions located in the dcmqrdb/libsrc/dcmqrdbi.cc file of the dcmqrscp component. Manipulation of these functions can lead to a null pointer dereference. Local access is required for exploitation.
Recommendations
Upgrade to version 3.7.0 to resolve this issue.
Fix
NULL Pointer Dereference
Improper Resource Release
Related Identifiers
Affected Products
Dcmtk
Debian