Published on July 23rd, 2019 📆 | 7065 Views ⚑0
Offis DCMTK up to 3.6.3 Image Conversion dcrledec.h decompress() DICOM File memory corruption
|CVSS Meta Temp Score||Current Exploit Price (≈)|
A vulnerability was found in Offis DCMTK up to 3.6.3 and classified as critical. Affected by this issue is the function
DcmRLEDecoder::decompress() of the file dcrledec.h of the component Image Conversion. The manipulation as part of a DICOM File leads to a memory corruption vulnerability (Code Execution). Using CWE to declare the problem leads to CWE-119. Impacted is confidentiality, integrity, and availability.
The weakness was released 07/22/2019. This vulnerability is handled as CVE-2019-1010228 since 03/20/2019. There are known technical details, but no exploit is available.
Upgrading to version 3.6.4 Commit 40917614e eliminates this vulnerability.
VulDB Meta Base Score: 5.5
VulDB Meta Temp Score: 5.3
Status: Not defined
Price Prediction: 🔍
Current Price Estimation: 🔒
0-Day Time: 🔒
Upgrade: DCMTK 3.6.4 Commit 40917614e
03/20/2019 CVE assigned Download it now for free!
07/22/2019 +124 days Advisory disclosed
07/23/2019 +1 days VulDB entry created
07/23/2019 +0 days VulDB last update
CVE: CVE-2019-1010228 (🔒)Created: 07/23/2019 06:36 AM
Download it now for free!