PT-2026-51253 · Offis · Dcmtk
Faboherrrera · Published 2026-06-21 · Updated 2026-06-21 · CVE-2026-12805
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
OFFIS DCMTK versions prior to 3.7.1
Description
A heap-based buffer overflow can occur in the XMLNode::parseFile() function in ofstd/libsrc/ofxml.cc. A remote attacker can perform a manipulation that leads to memory corruption.
Recommendations
Update to a version later than 3.7.0.
As a temporary workaround, restrict the use of the XMLNode::parseFile() function until the update is applied.
Exploit
Fix
Buffer Overflow
Heap Based Buffer Overflow
Affected Products
Dcmtk