CVE-2025-14607
Publication date 15 December 2025
Last updated 15 December 2025
Ubuntu priority
Description
A vulnerability was detected in OFFIS DCMTK up to 3.6.9. Affected by this issue is the function DcmByteString::makeDicomByteString of the file dcmdata/libsrc/dcbytstr.cc of the component dcmdata. The manipulation results in memory corruption. The attack can be launched remotely. Upgrading to version 3.7.0 can resolve this issue. The patch is identified as 4c0e5c10079392c594d6a7abd95dd78ac0aa556a. You should upgrade the affected component.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| dcmtk | 25.10 questing |
Needs evaluation
|
| 25.04 plucky |
Needs evaluation
|
|
| 24.04 LTS noble |
Needs evaluation
|
|
| 22.04 LTS jammy |
Needs evaluation
|
|
| 20.04 LTS focal |
Needs evaluation
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial |
Needs evaluation
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
6.3 · Medium
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity impact | Low |
| Availability impact | Low |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
References
Other references
- https://www.cve.org/CVERecord?id=CVE-2025-14607
- https://support.dcmtk.org/redmine/issues/1184
- https://github.com/DCMTK/dcmtk/commit/4c0e5c10079392c594d6a7abd95dd78ac0aa556a
- https://support.dcmtk.org/redmine/projects/dcmtk/activity?from=2025-12-02
- https://support.dcmtk.org/redmine/versions/19
- https://vuldb.com/?ctiid.336283
- https://vuldb.com/?id.336283
- https://vuldb.com/?submit.705036