DCMTK through 3.6.6 does not handle memory free properly. The malloced memory for storing all file information are recorded in a global variable LST and are not freed properly. Sending specific requests to the dcmqrdb program can incur a memory leak. An attacker can use it to launch a DoS attack.
The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Dcmtk | Offis | * | 3.6.6 (including) |
Dcmtk | Ubuntu | bionic | * |
Dcmtk | Ubuntu | esm-apps/bionic | * |
Dcmtk | Ubuntu | esm-apps/focal | * |
Dcmtk | Ubuntu | esm-apps/jammy | * |
Dcmtk | Ubuntu | esm-apps/xenial | * |
Dcmtk | Ubuntu | focal | * |
Dcmtk | Ubuntu | impish | * |
Dcmtk | Ubuntu | jammy | * |
Dcmtk | Ubuntu | upstream | * |