CVE-2025-14607
📋 TL;DR
A memory corruption vulnerability in OFFIS DCMTK's DcmByteString::makeDicomByteString function allows remote attackers to potentially execute arbitrary code or cause denial of service. This affects all systems running DCMTK up to version 3.6.9 that process DICOM data from untrusted sources.
💻 Affected Systems
- OFFIS DCMTK
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete system compromise, data theft, or ransomware deployment.
Likely Case
Application crash causing denial of service for DICOM processing functionality.
If Mitigated
Limited impact with proper network segmentation and input validation in place.
🎯 Exploit Status
Remote exploitation is possible without authentication, but requires specific DICOM data manipulation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.7.0
Vendor Advisory: https://support.dcmtk.org/redmine/issues/1184
Restart Required: Yes
Instructions:
1. Download DCMTK 3.7.0 from official sources. 2. Stop all DCMTK services. 3. Backup configuration and data. 4. Install new version following platform-specific instructions. 5. Restart services.
🔧 Temporary Workarounds
Network Segmentation
allIsolate DCMTK systems from untrusted networks and implement strict firewall rules.
Input Validation
allImplement strict validation of all incoming DICOM files before processing.
🧯 If You Can't Patch
- Implement strict network access controls to limit exposure to trusted sources only.
- Deploy application-level firewalls or WAFs to inspect and filter DICOM traffic.
🔍 How to Verify
Check if Vulnerable:
Check DCMTK version: dcmdump --version | grep 'OFFIS DCMTK'Check Version:
dcmdump --versionVerify Fix Applied:
Verify version is 3.7.0 or higher: dcmdump --version📡 Detection & Monitoring
Log Indicators:
- Application crashes in dcmtk processes
- Memory access violation errors
- Unusual DICOM file processing patterns
Network Indicators:
- Unusual DICOM traffic patterns
- Multiple failed DICOM associations from single source
SIEM Query:
source="dcmtk.log" AND ("segmentation fault" OR "memory corruption" OR "access violation")🔗 References
- https://github.com/DCMTK/dcmtk/commit/4c0e5c10079392c594d6a7abd95dd78ac0aa556a
- https://support.dcmtk.org/redmine/issues/1184
- https://support.dcmtk.org/redmine/projects/dcmtk/activity?from=2025-12-02
- https://support.dcmtk.org/redmine/versions/19
- https://vuldb.com/?ctiid.336283
- https://vuldb.com/?id.336283
- https://vuldb.com/?submit.705036
