CVE-2026-10194
6.3 MEDIUMA weakness has been identified in OFFIS DCMTK 3.7.0
Published: 2026-05-31 · Last updated: 2026-06-01
Severity and scoring
- CVSS
- 6.3 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
- CWE
- CWE-119, CWE-122
Description
A weakness has been identified in OFFIS DCMTK 3.7.0. This affects the function DcmQueryRetrieveIndexDatabaseHandle::deleteOldestImages of the file dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. Executing a manipulation can lead to heap-based buffer overflow. The attack may be launched remotely. This patch is called 0f78a4ef6f645ea5530166e445e5436a5de58e75. A patch should be applied to remediate this issue.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-10194
- [Other]https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=0f78a4ef6f645ea5530166e445e5436a5de58e75
- [Other]https://vuldb.com/cve/CVE-2026-10194
- [Other]https://vuldb.com/submit/821029
- [Other]https://vuldb.com/vuln/367475
- [Other]https://vuldb.com/vuln/367475/cti
Related CVEs
Same CWE
- CVE-2026-52720 — A heap buffer overflow vulnerability was found in GStreamer's librfb (RFB/VNC client) (8.8 HIGH)
- CVE-2025-55661 — A heap buffer overflow in the Opus audio stream parser component of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) ... (5.5 MEDIUM)
- CVE-2025-55652 — A heap buffer overflow in the gf_isom_vp_config_new function (isomedia/avc_ext.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial ... (5.5 MEDIUM)
- CVE-2025-55648 — A heap buffer overflow in the gf_opus_parse_packet_header function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cau... (5.5 MEDIUM)
- CVE-2025-55645 — A heap buffer overflow in the gf_cenc_set_pssh function (isomedia/drm_sample.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of... (5.5 MEDIUM)