CVE-2022-4981

Sažetak

A vulnerability was detected in DCMTK up to 3.6.7. The impacted element is the function DcmQueryRetrieveConfig::readPeerList of the file /dcmqrcnf.cc of the component dcmqrscp. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit is now public and may be used. Upgrading to version 3.6.8 is sufficient to resolve this issue. The patch is identified as 957fb31e5. Upgrading the affected component is advised.

Reference

https://shimo.im/docs/e1Azd4dDQXUgOGqW/
https://support.dcmtk.org/redmine/issues/1026
https://vuldb.com/?ctiid.329029
https://vuldb.com/?id.329029
https://vuldb.com/?submit.673134
https://shimo.im/docs/e1Azd4dDQXUgOGqW/read

CVSS

Base:	1.7
Impact:	2.9
Exploitability:	3.1

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:L/AC:L/Au:S/C:N/I:N/A:P

Zadnje važnije ažuriranje

31-10-2025 - 14:55

Objavljeno

21-10-2025 - 15:15