OFFIS DCMTK's (All versions prior to 3.6.7) service class...
Critical severity
Unreviewed
Published
Jun 25, 2022
to the GitHub Advisory Database
•
Updated Jan 27, 2023
Description
Published by the National Vulnerability Database
Jun 24, 2022
Published to the GitHub Advisory Database
Jun 25, 2022
Last updated
Jan 27, 2023
OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.
References