CVE-2025-14841
📋 TL;DR
A null pointer dereference vulnerability exists in OFFIS DCMTK's DICOM Query/Retrieve Service Class Provider (dcmqrscp) component. This flaw allows local attackers to cause denial of service by crashing the service. Only systems running DCMTK's dcmqrscp service with affected versions are impacted.
💻 Affected Systems
- OFFIS DCMTK
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete denial of service for the DICOM query/retrieve service, disrupting medical imaging workflows and potentially affecting patient care continuity.
Likely Case
Service crash requiring manual restart, causing temporary disruption to DICOM query/retrieve operations.
If Mitigated
Minimal impact with proper access controls preventing local unauthorized access to the service.
🎯 Exploit Status
Exploitation requires local access to trigger the vulnerable functions via DICOM query/retrieve operations.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.7.0
Vendor Advisory: https://support.dcmtk.org/redmine/issues/1183
Restart Required: Yes
Instructions:
1. Download DCMTK 3.7.0 from official repository. 2. Compile and install following DCMTK documentation. 3. Restart dcmqrscp service. 4. Verify version with dcmqrscp --version
🔧 Temporary Workarounds
Restrict Local Access
allLimit local system access to only authorized users and processes
Service Monitoring and Auto-restart
allImplement monitoring to detect and automatically restart crashed dcmqrscp service
🧯 If You Can't Patch
- Implement strict access controls to prevent unauthorized local users from accessing the dcmqrscp service
- Deploy monitoring with alerting for service crashes and implement manual restart procedures
🔍 How to Verify
Check if Vulnerable:
Check DCMTK version: dcmqrscp --version | grep -i version. If version is 3.6.9 or earlier, system is vulnerable.Check Version:
dcmqrscp --versionVerify Fix Applied:
After upgrade, verify version is 3.7.0 or later with: dcmqrscp --version📡 Detection & Monitoring
Log Indicators:
- Segmentation fault or crash logs from dcmqrscp process
- Unexpected service termination in system logs
Network Indicators:
- Sudden drop in DICOM query/retrieve service availability
SIEM Query:
process_name:"dcmqrscp" AND (event_type:"crash" OR exit_code:139)🔗 References
- https://github.com/DCMTK/dcmtk/commit/ffb1a4a37d2c876e3feeb31df4930f2aed7fa030
- https://github.com/DCMTK/dcmtk/releases/tag/DCMTK-3.7.0
- https://support.dcmtk.org/redmine/issues/1183
- https://vuldb.com/?ctiid.337004
- https://vuldb.com/?id.337004
- https://vuldb.com/?submit.714605
- https://vuldb.com/?submit.714634
