OFFIS DCMTK dcmqrscp dcmqrdbi.cc startMoveRequest null pointer dereference_CVE-2025-14841

4.8 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

Description

A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted element is the function DcmQueryRetrieveIndexDatabaseHandle::startFindRequest/DcmQueryRetrieveIndexDatabaseHandle::startMoveRequest in the library dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. This manipulation causes null pointer dereference. The attack requires local access. Upgrading to version 3.7.0 is sufficient to resolve this issue. Patch name: ffb1a4a37d2c876e3feeb31df4930f2aed7fa030. You should upgrade the affected component.

Basic Information

ID CVE-2025-14841

Source VulDB

Published Dec 18, 2025 at 00:02

Affected Product

Vendor OFFIS

Product DCMTK

Version 3.6.0

Affected Versions OFFIS DCMTK 3.6.0
OFFIS DCMTK 3.6.1
OFFIS DCMTK 3.6.2
OFFIS DCMTK 3.6.3
OFFIS DCMTK 3.6.4
OFFIS DCMTK 3.6.5
OFFIS DCMTK 3.6.6
OFFIS DCMTK 3.6.7
OFFIS DCMTK 3.6.8
OFFIS DCMTK 3.6.9

CWE Classification

CWE-476 CWE-404

References

{
    "lastseen": "",
    "description": "A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted element is the function DcmQueryRetrieveIndexDatabaseHandle::startFindRequest/DcmQueryRetrieveIndexDatabaseHandle::startMoveRequest in the library dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. This manipulation causes null pointer dereference. The attack requires local access. Upgrading to version 3.7.0 is sufficient to resolve this issue. Patch name: ffb1a4a37d2c876e3feeb31df4930f2aed7fa030. You should upgrade the affected component.",
    "published": "2025-12-18T00:02:08.256Z",
    "modified": "2025-12-18T00:02:08.256Z",
    "type": "cve",
    "title": "OFFIS DCMTK dcmqrscp dcmqrdbi.cc startMoveRequest null pointer dereference",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.337004\nhttps://vuldb.com/?ctiid.337004\nhttps://vuldb.com/?submit.714605\nhttps://vuldb.com/?submit.714634\nhttps://support.dcmtk.org/redmine/issues/1183\nhttps://github.com/DCMTK/dcmtk/commit/ffb1a4a37d2c876e3feeb31df4930f2aed7fa030\nhttps://github.com/DCMTK/dcmtk/releases/tag/DCMTK-3.7.0",
    "id": "CVE-2025-14841",
    "bulletinFamily": "",
    "cwe": [
        "CWE-476",
        "CWE-404"
    ],
    "cvelist": null,
    "sourceData": "OFFIS DCMTK 3.6.0\nOFFIS DCMTK 3.6.1\nOFFIS DCMTK 3.6.2\nOFFIS DCMTK 3.6.3\nOFFIS DCMTK 3.6.4\nOFFIS DCMTK 3.6.5\nOFFIS DCMTK 3.6.6\nOFFIS DCMTK 3.6.7\nOFFIS DCMTK 3.6.8\nOFFIS DCMTK 3.6.9",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DCMTK",
    "version": "3.6.0",
    "vendor": "OFFIS",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}