DCMTK dcmqrscp parseQuota stack-based overflow

A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. Upgrading to version 3.6.6 is sufficient to fix this issue. The identifier of the patch is 0fef9f02e. It is recommended to upgrade the affected component.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

栈缓冲区溢出

DCMTK 安全漏洞

DCMTK是DCMTK开源的一个实现大部分 DICOM 标准的库和应用程序的集合。用于检查、构建和转换 DICOM 图像文件、处理离线媒体、通过网络连接发送和接收图像的软件，以及演示图像存储和工作列表服务器。 DCMTK 3.6.5及之前版本存在安全漏洞，该漏洞源于对组件dcmqrscp中函数parseQuota的参数StorageQuota的错误操作，可能导致栈缓冲区溢出。

N/A

N/A