CVE-2025-25475

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: DCMTK versions 3.6.9 and later

Description: A NULL pointer dereference in the component /libsrc/dcrleccd.cc allows attackers to cause a Denial of Service (DoS) via a crafted DICOM file.

Recommendations: For DCMTK versions 3.6.9 and later, as a temporary workaround, consider restricting the use of the /libsrc/dcrleccd.cc component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALT-PU-2025-8713

ALT-PU-2025-8855

BDU:2025-11405

CVE-2025-25475

DLA-4227-1

MGASA-2025-0076

OPENSUSE-SU-2025:0068-1

OPENSUSE-SU-2025:14823-1

Affected Products

Alt Linux

Astra Linux

Dcmtk

Debian

Red Os

CVE-2025-25475

Weakness Enumeration

Related Identifiers

Affected Products

References · 38