← Back to CVEs
CVE-2022-2119
HIGH7.5
Description
OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.
CVE Details
CVSS v3.1 Score7.5
SeverityHIGH
CVSS VectorCVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorADJACENT_NETWORK
ComplexityHIGH
Privileges RequiredNONE
User InteractionNONE
Published6/24/2022
Last Modified11/3/2025
Sourcenvd
Honeypot Sightings0
Affected Products
offis:dcmtk
Weaknesses (CWE)
CWE-22
References
https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01(ics-cert@hq.dhs.gov)
https://lists.debian.org/debian-lts-announce/2025/06/msg00025.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.