DCMTK through 3.6.6 Null Pointer Dereference Vulnerability

DCMTK through 3.6.6 Null Pointer Dereference Vulnerability

CVE-2021-41689 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

DCMTK through 3.6.6 does not handle string copy properly. Sending specific requests to the dcmqrdb program, it would query its database and copy the result even if the result is null, which can incur a head-based overflow. An attacker can use it to launch a DoS attack.

Learn more about our Web Application Penetration Testing UK.