DCMTK through 3.6.6 does not handle memory free properly. The malloced memory for storing all file information are recorded in a global variable LST and are not freed properly. Sending specific requests to the dcmqrdb program can incur a memory leak. An attacker can use it to launch a DoS attack.
References
Link | Resource |
---|---|
https://github.com/DCMTK/dcmtk | Product Third Party Advisory |
https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb | Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-06-28T09:41:00
Updated: 2024-07-09T18:13:26.233Z
Reserved: 2021-09-27T00:00:00
Link: CVE-2021-41690
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-06-28T13:15:10.783
Modified: 2022-07-06T19:43:33.627
Link: CVE-2021-41690
JSON object: View
Redhat Information
No data.
CWE