CVE-2025-9732

5.3 MEDIUM

📋 TL;DR

A memory corruption vulnerability in DCMTK's dcm2img component allows local attackers to potentially crash applications or execute arbitrary code. This affects DCMTK versions up to 3.6.9. The vulnerability requires local access to the system to exploit.

💻 Affected Systems

Products:
  • DCMTK (DICOM Toolkit)
Versions: Up to and including 3.6.9
Operating Systems: All operating systems running DCMTK
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability is in the dcm2img component, specifically in dcmimage/include/dcmtk/dcmimage/diybrpxt.h. Any application using this library component is affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Local privilege escalation leading to full system compromise or arbitrary code execution with the privileges of the DCMTK process.
🟠 Likely Case: Application crash (denial of service) or limited memory corruption leading to unstable behavior.
🟢 If Mitigated: Minimal impact if proper access controls prevent unauthorized local users from interacting with DCMTK processes.

🌐 Internet-Facing: LOW - The vulnerability requires local access and cannot be exploited remotely.
🏢 Internal Only: MEDIUM - Local attackers with access to systems running vulnerable DCMTK versions could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and knowledge of the vulnerable function. No public exploit code has been identified at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patched in commit 7ad81d69b, version after 3.6.9

Vendor Advisory: https://github.com/DCMTK/dcmtk/commit/7ad81d69b

Restart Required: Yes

Instructions:

1. Update DCMTK to a version after 3.6.9 that includes commit 7ad81d69b.
2. Recompile any applications using DCMTK.
3. Restart affected services or applications.

🔧 Temporary Workarounds

Restrict local access (all)

Limit local user access to systems running DCMTK applications

Disable vulnerable component (all)

If possible, disable or remove the dcm2img functionality

🧯 If You Can't Patch

  • Implement strict access controls to prevent unauthorized local users from accessing DCMTK applications
  • Monitor systems for abnormal process behavior or crashes related to DCMTK processes

🔍 How to Verify

Check if Vulnerable:

Check DCMTK version: dcmdump --version or examine installed package version

Check Version:

dcmdump --version 2>/dev/null | head -1

Verify Fix Applied:

Verify DCMTK version is greater than 3.6.9 or includes commit 7ad81d69b in git history
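
A version number alone settles the question only for plain releases. As an added example (not part of the original advisory and not DCMTK project code), this shell script classifies a version banner against 3.6.9 and, for a source checkout, tests whether commit 7ad81d69b is in the history. The banner format, the function names and the sample banners are assumptions.

```sh
#!/bin/sh
# Added example, not DCMTK project code. Values below come from the advisory.
LAST_AFFECTED="3.6.9"
FIX_COMMIT="7ad81d69b"

# Pull the first "vX.Y.Z[suffix]" token out of a version banner line.
# Assumption: the banner carries the version as a "v"-prefixed token.
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*v\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*[^ ]*\).*/\1/p' | head -n 1
}

# Turn X.Y.Z into one comparable integer (parts assumed < 1000, no leading zeros).
version_key() {
    a=${1%%.*}; rest=${1#*.}; b=${rest%%.*}; c=${rest#*.}
    echo $(( a * 1000000 + b * 1000 + c ))
}

# Classify a banner: vulnerable | check-commit | fixed-by-version | unknown
classify_dcmtk() {
    ver=$(extract_version "$1")
    [ -n "$ver" ] || { echo "unknown"; return 0; }
    num=$(printf '%s\n' "$ver" | sed 's/^\([0-9]*\.[0-9]*\.[0-9]*\).*/\1/')
    suffix=${ver#"$num"}
    key=$(version_key "$num"); ref=$(version_key "$LAST_AFFECTED")
    if [ "$key" -gt "$ref" ]; then
        echo "fixed-by-version"
    elif [ "$key" -eq "$ref" ] && [ -n "$suffix" ]; then
        # Snapshot or vendor build of 3.6.9: the number alone cannot show
        # whether the fix commit is included.
        echo "check-commit"
    else
        echo "vulnerable"
    fi
}

# For a source checkout: succeeds only if the fix commit is an ancestor of HEAD.
tree_has_fix() {
    git -C "$1" merge-base --is-ancestor "$FIX_COMMIT" HEAD 2>/dev/null
}

# Constructed sample banners (not captured from a real installation).
for banner in '$dcmtk: dcmdump v3.6.8 $' '$dcmtk: dcmdump v3.6.9 $' \
              '$dcmtk: dcmdump v3.6.9+ $' '$dcmtk: dcmdump v3.7.0 $' 'no version here'; do
    printf '%-32s %s\n' "$banner" "$(classify_dcmtk "$banner")"
done
```

To check a live system, pass classify_dcmtk the first line of dcmdump --version; a check-commit result means confirming commit 7ad81d69b with the package maintainer or with tree_has_fix on the source tree the binary was built from.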

📡 Detection & Monitoring

Log Indicators:

  • Application crashes of DCMTK-related processes
  • Memory access violation errors in application logs

Network Indicators:

  • No network indicators - local vulnerability only

SIEM Query:

Process: (dcm* OR *dicom*) AND Event: (Crash OR AccessViolation OR SegmentationFault)
