Nixpkgs security tracker

Untriaged

Permalink CVE-2026-5663

7.3 HIGH

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 1 week, 4 days ago

OFFIS DCMTK storescp storescp.cc executeOnEndOfStudy os command injection

A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnReception/executeOnEndOfStudy of the file dcmnet/apps/storescp.cc of the component storescp. Performing a manipulation results in os command injection. Remote exploitation of the attack is possible. The patch is named edbb085e45788dccaf0e64d71534cfca925784b8. Applying a patch is the recommended action to fix this issue.

References

VDB-355486 | OFFIS DCMTK storescp storescp.cc executeOnEndOfStudy os command injection vdb-entrytechnical-description
VDB-355486 | CTI Indicators (IOB, IOC, TTP, IOA) permissions-requiredsignature
Submit #786061 | OFFIS DCMTK up to 3.7.0 OS Command Injection third-party-advisory
https://machinespirits.com/advisory/2e1627/ related
https://support.dcmtk.org/redmine/issues/1194 issue-tracking
https://github.com/DCMTK/dcmtk/commit/edbb085e45788dccaf0e64d71534cfca925784b8 patch

Affected products

DCMTK

==3.2
==3.0
==3.1
==3.6
==3.3
==3.7.0
==3.4
==3.5

Matching in nixpkgs

pkgs.dcmtk

Collection of libraries and applications implementing large parts of the DICOM standard

nixos-unstable 3.6.9
- nixpkgs-unstable 3.6.9
- nixos-unstable-small 3.6.9
nixos-25.11 3.6.9
- nixos-25.11-small 3.6.9
- nixpkgs-25.11-darwin 3.6.9

Package maintainers

@iimog Markus J. Ankenbrand <iimog@iimog.org>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.dcmtk

Package maintainers