CVE-2025-2357

6.3 MEDIUM

📋 TL;DR

A critical memory corruption vulnerability in DCMTK's JPEG-LS decoder allows remote attackers to potentially execute arbitrary code or crash applications. This affects systems using DCMTK 3.6.9 for medical imaging processing. The vulnerability is remotely exploitable without authentication.

💻 Affected Systems

Products:
  • DCMTK (DICOM Toolkit)
Versions: 3.6.9 (specifically the dcmjpls JPEG-LS decoder component)
Operating Systems: All platforms running DCMTK
Default Config Vulnerable: ⚠️ Yes
Notes: Any system using DCMTK to process JPEG-LS encoded DICOM medical images is vulnerable when handling malicious input.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment on affected medical imaging systems.

🟠 Likely Case

Application crashes causing denial of service in medical imaging workflows, potentially disrupting patient care and diagnostic processes.

🟢 If Mitigated

Limited impact with proper network segmentation and exploit prevention controls, though service disruption remains possible.

🌐 Internet-Facing: HIGH - Remote exploitation without authentication makes internet-facing systems prime targets.
🏢 Internal Only: MEDIUM - Internal systems are still vulnerable to network-based attacks but have reduced attack surface.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit has been publicly disclosed and memory corruption vulnerabilities in image decoders are commonly weaponized.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patch 3239a7915

Vendor Advisory: https://support.dcmtk.org/redmine/issues/1155

Restart Required: Yes

Instructions:

1. Download the patch from the DCMTK issue tracker.
2. Apply patch 3239a7915 to the DCMTK source code.
3. Recompile DCMTK.
4. Replace vulnerable binaries with patched versions.
5. Restart affected services.

🔧 Temporary Workarounds

Disable JPEG-LS Processing

Platform: all

Configure DCMTK to reject or skip JPEG-LS encoded images

Modify DCMTK configuration to disable dcmjpls decoder support

Network Segmentation

Platform: all

Isolate DCMTK systems from untrusted networks

Implement firewall rules to restrict access to DCMTK services

🧯 If You Can't Patch

  • Implement strict input validation and sanitization for all DICOM image processing
  • Deploy memory protection controls like ASLR and DEP, and monitor for crash events

🔍 How to Verify

Check if Vulnerable:

Check whether the DCMTK version is 3.6.9 and whether the dcmjpls component is present and active

Check Version:

dcmdump --version | grep -i dcmtk

Verify Fix Applied:

Verify patch 3239a7915 is applied by checking source code or running tests with known malicious JPEG-LS samples

📡 Detection & Monitoring

Log Indicators:

  • DCMTK process crashes
  • Memory access violation errors
  • Unexpected termination of medical imaging services

Network Indicators:

  • Unusual network traffic to DCMTK ports (default 104)
  • Multiple connection attempts with malformed DICOM data

SIEM Query:

process_name:"dcmtk" AND (event_type:crash OR error_message:"memory" OR error_message:"corruption")
