CVE-2025-25475 Affecting dcmtk package, versions <3.6.9-4

Q: How to fix?

Upgrade Debian:unstable dcmtk to version 3.6.9-4 or higher.

Threat Intelligence

Not Defined

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-DEBIANUNSTABLE-DCMTK-8738005
published20 Feb 2025
disclosed18 Feb 2025

Report a new vulnerability Found a mistake?

Introduced: 18 Feb 2025

NewCVE-2025-25475 (opens in a new tab)

How to fix?

Upgrade Debian:unstable dcmtk to version 3.6.9-4 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream dcmtk package and not the dcmtk package as distributed by Debian. See How to fix? for Debian:unstable relevant fixed versions and status.

A NULL pointer dereference in the component /libsrc/dcrleccd.cc of DCMTK v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DICOM file.

References

https://security-tracker.debian.org/tracker/CVE-2025-25475
https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=bffa3e9116abb7038b432443f16b1bd390e80245
https://github.com/DCMTK/dcmtk/commit/bffa3e9116abb7038b432443f16b1bd390e80245